I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot).
This is the list I've compiled so far:
An unsigned Java applet ...
- Cannot access the local filesystem.
- Cannot access the system clipboard.
- Cannot initiate a print job.
- Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).
- Cannot use multicast sockets.
- Cannot create or register a SocketImplFactory, URLStreamHandlerFactory, or ContentHandlerFactory.
- Cannot listen to incoming socket connections.
- Cannot listen for datagrams.
- Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).
- Cannot create or register a SecurityManager object.
- Cannot dynamically load native code libraries with the load() or loadLibrary() methods of Runtime or System.
- Cannot spawn new processes by calling any of the Runtime.exec() methods.
- Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.
- Cannot define classes in
java.*,sun.*andnetscape.*. - Cannot explicitly load classes from the
sun.*package. - Cannot exit the Java interpreter by calling System.exit() or Runtime.exit().
- Cannot access the system event queue.
- Cannot use the java.lang.Class reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.
- Cannot manipulate security identities in any way (java.security).
- Cannot set or read security properties (java.security).
- Cannot list, look up, insert, or remove security providers (java.security).
Question: Are there any restrictions missing? If so, please clearly state what restriction you believe is missing from the list.