Create an applet to access the hard drive


An applet is a program written in the Java programming language that can be included in an HTML page, in the same way an image is included in a page. Applets are used to provide interactive features to web applications that aren't native to HTML. Most of the time, Java applet security completely bans access to the machine's resources (hard disk, registry, etc.) and to the network (an applet can only communicate with its server of origin).

If you want to create an applet that goes beyond these restrictions, two things are required:

- The applet must be cryptographically signed
and
- The user must explicitly allow the applet to access the system
(This is a voluntary action by the user and cannot be bypassed.)

Once these two conditions are met, you can read/write to disk, launch programs (Runtime.getRuntime().exec("...")), download things (URL connection) or use the eval() command.

Instructions:
As usual, create a .jar file.

  • You will use your own encryption key to sign your applets.
  • Type: keytool -genkey -alias (your alias name)

and enter the necessary information. Remember the password you entered to protect this key.

  • You only need to generate your key once. Once you have your key, you can use it to sign all the applets you want.
  • (Note that your key can optionally have an expiration date.)
  • Note: On Windows, the key is placed in the user profile.
    • (\Documents and Settings\yourlogin\.keystore)
  • You must protect this keystore at all costs.
  • (Otherwise someone could create malicious applets signed by you!)

  • Type: jarsigner -verbose monapplet.jar votreNomdAlias (monapplet.jar is your applet's .jar file and votreNomdAlias is your alias name)
  • Enter your key password.
  • Your applet is now signed.

  • Place your applet on the server (this is important), and test.
  • You will see a Security Warning window that asks the user whether to allow this applet.


Note that:

  • The popup message saying that the cryptographic signature is invalid is actually false:
  • The applet has a cryptographic signature (yours), but this signature was not validated by a certification authority (Thawte, VeriSign, etc.).
  • This third-party validation (PKI) is a paid service.
  • But technically, it is not absolutely necessary and does not diminish the safe operation of your applet.
  • It's just that by paying one of the PKI providers (whose keys are installed by default in browsers) you can get rid of this warning.
  • It is up to you to decide whether it is worth paying for.
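
To see what the warning is actually reporting, the following added example (not code from the original article) opens a .jar with verification enabled and reports, for each entry, whether it is unsigned, signed with a self-signed certificate (which is what keytool -genkey produces), or signed with a certificate issued by another party. The class name JarSignatureCheck is hypothetical, and the program does not evaluate whether the issuer is trusted.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name). Usage: java JarSignatureCheck monapplet.jar
public class JarSignatureCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java JarSignatureCheck <file.jar>");
            System.exit(2);
        }
        int unsigned = 0;
        // verify=true: entry digests are checked against the signature while reading
        try (JarFile jar = new JarFile(args[0], true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                String name = entry.getName();
                // Simplification: skip directories and everything under META-INF/,
                // where the manifest and the signature files themselves live.
                if (entry.isDirectory() || name.startsWith("META-INF/")) continue;
                // Signers are only available once the entry has been read to the end;
                // a modified entry raises SecurityException during this read.
                try (InputStream in = jar.getInputStream(entry)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    unsigned++;
                    System.out.println("UNSIGNED         " + name);
                    continue;
                }
                for (CodeSigner signer : signers) {
                    List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();
                    X509Certificate leaf = (X509Certificate) chain.get(0);
                    // Subject equal to issuer means nobody else vouched for this key.
                    boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
                    System.out.println((selfSigned ? "SELF-SIGNED      " : "ISSUED-BY-OTHER  ") + name
                            + "  signer=" + leaf.getSubjectX500Principal().getName()
                            + "  expires=" + leaf.getNotAfter());
                }
            }
        }
        System.exit(unsigned == 0 ? 0 : 1); // non-zero if any entry carries no signature
    }
}
```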
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Create an applet to access the hard drive », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).