The Applet ‘Sandbox’ Model
Untrusted code cannot:
- Read files (except from host URL)
- List Directories
- Obtain file information (existence, size, date, etc.)
- Write, Delete, Rename files or directories
- Read or write from FileDescriptor objects
- Listen/Accept on any privileged port <= 1024
- Call System.exit() or Runtime.exit()
- Create new processes with Runtime.exec()
- Start a print job, access clipboard or event queue
- Get full access to System.getProperty(), but it can use getProperty() to find:
  java.version, java.class.version, java.vendor, java.vendor.url,
  os.name, os.version, os.arch,
  file.separator, path.separator, line.separator
Remaining weak-spot: Denial of Service Attacks
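
An added example, not part of the original slide: a subset of the rules above written as a `SecurityManager` subclass, the hook the JVM consults before file, process, port and property operations. The class name `AppletStyleSandbox` and the sample arguments are hypothetical, and the file and "host URL" rules are simplified to a blanket deny.

```java
import java.util.Set;

// Added illustration; class name and sample arguments are hypothetical.
// SecurityManager is deprecated for removal since Java 17, so the checks
// are called directly here instead of installing it on the JVM.
@SuppressWarnings("removal")
public class AppletStyleSandbox extends SecurityManager {
    // The system properties the slide lists as readable by untrusted code.
    private static final Set<String> READABLE = Set.of(
        "java.version", "java.class.version", "java.vendor", "java.vendor.url",
        "os.name", "os.version", "os.arch",
        "file.separator", "path.separator", "line.separator");

    private static void deny(String what) {
        throw new SecurityException("untrusted code may not " + what);
    }

    @Override public void checkRead(String file)   { deny("read " + file); }
    @Override public void checkWrite(String file)  { deny("write " + file); }
    @Override public void checkDelete(String file) { deny("delete " + file); }
    @Override public void checkExec(String cmd)    { deny("exec " + cmd); }
    @Override public void checkExit(int status)    { deny("exit the JVM"); }
    @Override public void checkListen(int port) {
        if (port <= 1024) deny("listen on port " + port);  // threshold as stated on the slide
    }
    @Override public void checkPropertyAccess(String key) {
        if (!READABLE.contains(key)) deny("read property " + key);
    }

    interface Check { void run(); }

    // Runs one check and reports whether the sandbox allowed or denied it.
    static String probe(String label, Check c) {
        try { c.run(); return label + ": allowed"; }
        catch (SecurityException e) { return label + ": denied (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        AppletStyleSandbox sm = new AppletStyleSandbox();
        System.out.println(probe("getProperty(os.name)", () -> sm.checkPropertyAccess("os.name")));
        System.out.println(probe("getProperty(user.home)", () -> sm.checkPropertyAccess("user.home")));
        System.out.println(probe("listen 80", () -> sm.checkListen(80)));
        System.out.println(probe("listen 8080", () -> sm.checkListen(8080)));
        System.out.println(probe("System.exit", () -> sm.checkExit(0)));
    }
}
```

None of these checks limits CPU, memory or thread use, which is why denial of service remains the weak spot.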