Marianne Mueller (mrm@netcom.com) writes that
people need to be aware up front that calling native code from a Java applet disables any security that might otherwise be enforced for the applet.
Would it be more accurate to state that native code called by a Java applet disables Java virtual machine security, but is still bound by security policies enforced by the operating system itself? It would be most unfortunate if a browser run by an unprivileged user could attain "root" privileges by running a Java applet that called an appropriate (or inappropriate) native method. Of course, on inherently unprotected systems (PC's), there is indeed no protection. Perhaps Java will cause vendors to improve overall operating system robustness. Martin Minow minow@apple.com