
Java Applets and Assumed Identity

As part of a new assignment at work, I've been experimenting with the use of user-configured MIME types to load external content from a Java Applet. Specifically, I want a Java Applet to trigger the loading of an arbitrarily-typed file in the appropriate application. This means opening Word for a Word document, Excel for a spreadsheet, etc.

Applets are a weird thing. They have an odd security model that assumes the User can accurately make the distinction between "friend" and "foe". Most Applets are assumed to be "foes", which is fine for most situations. Loading files in helper applications requires "friend" status according to the default security policy. This can be achieved by signing the archive used to convey the Applet with a digital certificate. The certificate can be signed by a Certificate Authority (CA), or by an unverified individual (self-signed certificate).

The rub is that the user is required to make the distinction between a certificate that has been registered with a CA, and a certificate that was generated by a potentially-malicious individual. The distinction is often a subtle one to the user. And the consequences of letting a malicious Applet run can be significant.

Our commercial product uses a certificate that has been registered with a CA, so this won't be a problem. But I'm reminded of the fragility of the security model and how much it relies on user-sophistication.
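The distinction between a self-signed and a CA-issued signer, described above, can be checked directly on the archive instead of being left to a dialog. The following is an added example, not code from the original post; the class name `JarSignerCheck` is hypothetical and the archive path is assumed to be passed as the first argument.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerCheck {
    // Self-signed: issuer equals subject AND the certificate's own key verifies its signature.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0] is the path to the signed archive (assumption: supplied by the caller).
        try (JarFile jar = new JarFile(args[0], true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                // Signer data is populated only after the entry is read to the end;
                // a digest mismatch raises SecurityException here.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Certificate[] chain = entry.getCertificates();
                if (chain == null || chain.length == 0) {
                    System.out.println(entry.getName() + ": UNSIGNED");
                    continue;
                }
                X509Certificate signer = (X509Certificate) chain[0];
                String verdict = isSelfSigned(signer)
                        ? "SELF-SIGNED, identity not vouched for by any CA"
                        : "issued by " + signer.getIssuerX500Principal().getName();
                System.out.println(entry.getName() + ": signer "
                        + signer.getSubjectX500Principal().getName() + " -> " + verdict);
            }
        }
    }
}
```

An issuer name in the output is not proof of trust by itself: the chain still has to validate to a root in the local trust store, which this example does not check.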