Thus spake Marcus J. Ranum:
> If Java applets run with write permissions turned off, is
> it possible to write an applet that, when you run it, FTPs your
> password file, .rhosts file, $MAIL, etc, to a dead-drop? There
> might be useful stuff in those.
As per the Java documentation, applets do not (under the default
configuration) have any (direct) access to the filesystem. It's
possible that they could impact the filesystem in some way if the
browser caches images, etc. loaded by the applet, and there's always
virtual memory exhaustion, but there's no direct access. No reading,
no writing, no executing, no ogling of inodes, nothing.
#> Mike Shaver (shaver @
com) Ingenia Communications Corporation <#
#> UNIX medicine man -- dark magick, cheap! <#
#> When the going gets tough, the tough give cryptic error messages. <#
#> "We believe in rough consensus and running code." <#