1 Reply Latest reply on Jan 23, 2007 5:22 PM by 807607

    Policy files in stand-alone apps... what is the point?

      I'm trying to get a better understanding of Java security, but it seems like this very basic topic is flying over my head.

      I understand the purpose of security policy files in applets or distributed applications, but in a stand-alone application, what is the point in using them? Let's say I only want my program to be able to write to somefile.txt, and prevent a malicious user from modifying my program to access other files. Great, I create a policy file that allows write permissions to somefile.txt.

      Couldn't said malicious user crack my 'ingenious' security by just editing the policy file? Again, what is the point? I could sign the policy file, but since the signature and policy file are both located on the local machine, this represents a very minor hurdle.

      I really think I'm just missing the point entirely here. Any help would be greatly appreciated.
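
The setup the post describes, as an added example that is not part of the original thread: a constructed policy file granting write access to somefile.txt only, and a small program that attempts one permitted and one unpermitted write. The policy is selected on the launch command line, so it constrains what code inside the JVM may do, not what the person starting the JVM may do. The class name `PolicyDemo`, the file name `app.policy` and `otherfile.txt` are assumptions made for the example.

```java
/*
 * Constructed policy file, saved as app.policy next to the class:
 *
 *   grant {
 *       permission java.io.FilePermission "somefile.txt", "write";
 *   };
 *
 * Launch with the Security Manager enabled and this policy as the only one
 * ("==" replaces the default policy files instead of adding to them):
 *
 *   java -Djava.security.manager -Djava.security.policy==app.policy PolicyDemo
 *
 * The Security Manager is deprecated for removal since Java 17 (JEP 411),
 * so run this on a JDK that still supports it.
 */
import java.io.FileWriter;
import java.io.IOException;

public class PolicyDemo {

    /** Attempts a one-line write and reports how the JVM responded. */
    static String tryWrite(String path) {
        try (FileWriter out = new FileWriter(path)) {
            out.write("hello\n");
            return "allowed";
        } catch (SecurityException e) {
            // Thrown by the access check before the file is opened.
            return "denied by policy (" + e.getMessage() + ")";
        } catch (IOException e) {
            return "I/O error (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Without the -Djava.security.manager flag no policy is consulted at all.
        System.out.println("security manager installed: "
                + (System.getSecurityManager() != null));
        System.out.println("somefile.txt  -> " + tryWrite("somefile.txt"));
        System.out.println("otherfile.txt -> " + tryWrite("otherfile.txt"));
    }
}
```

Started without the two `-D` options, the same class writes both files, which shows that the restriction lives in how the JVM is launched.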