Jim Miller (jim_miller@bilbo.suite.com) writes: Of course it would be a lot easier for the applet to just try to read the secret key file, encrypt it with an embedded public key, and post it to alt.anonymous.messages.
If I understand Java security correctly, the applet can just send data back to the server it was loaded from, but can't read random files on the machine it runs on (even if the user running it can read them). Java is beginning to become cluefull about the idea that a program is not the same as the person running it, and should not have the same privileges. In this area, most OSs (inluding Unix) are totally clueless, which is why the Orange Book has mandatory security requirements at the "B" and above levels. ----------------------------------------------------------------- Bill Frantz Periwinkle -- Computer Consulting (408)356-8506 16345 Englewood Ave. frantz@netcom.com Los Gatos, CA 95032, USA