Security options for my requirements

[jarjarbinks]

Hello All,

I'm feeling like a total newbie, but since my question is very focused on applet security, I think it's better to post here instead of in the "New to Java" section. @Moderator : feel free to move it.

So here is my story :

Knowing nearly nothing about Java, I managed to build an applet whose purpose is to encrypt/decrypt some elements in a html page.

When the page is loaded in the browser, javascript passes the encrypted element content to the applet's decrypt function.

The applet returns the decrypted value and javascript replaces the encrypted element value with the cleartext.

The applet needs to access the user's certificate in the browser keystore ("SunMSCAPI" for windows, "Mozilla-JSS" for Linux).

The applet needs also to phone home using an SSL connection.

The crypto functions are supplied by a BouncyCastle JAR.

As a total newbie working under the deadline pressure, I tried everything found here and there to make my applet work, without knowing precisely what I was doing.

As a result, my code has several "doPrivileged()" calls, my policy is "permission java.security.AllPermission;", and my applet is (self) signed.

This works well, after the user has clicked the "Always trust..." checkbox on several popups mentioning "..UNKNOWN publisher..." the first time the applet is used.

So here is my question : do I really need special security settings to allow the applet to do its job ?

Is is possible to do the same job without signing the applet ?

Does my user really need to lower the Java security in his/her browser to allow my applet to run ?

TIA

[DarrylBurke]

I'm feeling like a total newbie, but since my question is very focused on applet security, I think it's better to post here instead of in the "New to Java" section. @Moderator : feel free to move it.

Welcome to the forum, and this is the right place for the question.

db

[jarjarbinks]

Welcome to the forum, and this is the right place for the question.

db

Hi Darryl,

Since you are also a "Rancher" (Bartender to be precise), do you think I could get answers if I cross posted my question on the Java Ranch forum ?

[DarrylBurke]

Applets aren't as popular as they once were, and the security model changed between Java 6 and Java 7 (and then some) but you could try elsewhere.

Don't forget to link to all cross posts so that anyone who has a solution isn't antagonized.

db