1 Reply. Latest reply: Jan 23, 2007 9:22 AM by 807607

Policy files in stand-alone apps... what is the point?

807607 Newbie
I'm trying to get a better understanding of Java security, but it seems like this very basic topic is flying over my head.

I understand the purpose of security policy files in applets or distributed applications, but in a stand-alone application, what is the point in using them? Let's say I only want my program to be able to write to somefile.txt, and prevent a malicious user from modifying my program to access other files. Great, I create a policy file that allows write permissions to somefile.txt.

Couldn't said malicious user crack my 'ingenious' security by just editing the policy file? Again, what is the point? I could sign the policy file, but since the signature and policy file are both located on the local machine, this represents a very minor hurdle.

I really think I'm just missing the point entirely here. Any help would be greatly appreciated.