I'm trying to get a better understanding of Java security, but it seems like this very basic topic is flying over my head.
I understand the purpose of security policy files in applets or distributed applications, but in a stand-alone application, what is the point in using them? Let's say I only want my program to be able to write to somefile.txt, and prevent a malicious user from modifying my program to access other files. Great, I create a policy file that allows write permissions to somefile.txt.
Couldn't said malicious user crack my 'ingenious' security by just editing the policy file? Again, what is the point? I could sign the policy file, but since the signature and policy file are both located on the local machine, this represents a very minor hurdle.
I really think I'm just missing the point entirely here. Any help would be greatly appreciated.