Applet security is generally thought of as a needed protection by most Java programmers. The ability to download code live is a major advantage, but it is also a great tool for the same kind of people who like to write viruses that infect your PC. The developers of Java took that into account and developed a security model that helps protect your system from malicious attacks. You may consider some of the applet security restrictions a pain, but it is much better to have too much security than too little.

These restrictions do not apply to applications, because they are meant to access local files and the local network. The security restrictions are there to help guard you from loading a malicious program that can be hidden on a Web page. You have to manually run an application on your local system, however, so you are at fault if the application is malicious.

Although enforcement of policies during code execution is a substantial part of security, proper security starts at the very beginning, during the generation of byte code. A language's type safety, which is enforced by the compiler and checked by the runtime environment, proves critical to an overall secure environment. Many of the earliest security breaches stemmed from the ability to easily overflow buffers or access memory unimpeded, situations caused in part by a language's poor type safety and inadequate enforcement in the executing environment.

Moreover, because memory de-allocation in Java is the garbage collector's responsibility rather than the programmer's, Java avoids many common programming errors in C and C++ caused by faulty memory de-allocation. Finally, the compiler enforces exception-catching. This discipline of catching and fixing potential errors may not have direct security implications. However, an unhandled error might lead to unpredictable behavior, which, from a security standpoint, should be avoided.

File Access Restrictions
Java Applets are not allowed to read the local file system. They can’t even read files in a read only mode. This protects the end user form hidden applets browsing their local hard drive(s) for information.

Network Restrictions
An Applet is not allowed to listen for connections. They also cannot send data back to any other source other then the originating home server. These security restrictions are there to protect organizations that run a firewall. The problem with Applets is that they run inside the firewall so these restrictions help prevent malicious code.

Other Security Restrictions

• Non-local Applets may not access the system properties. This keeps websites with Applets from reading information from your local computer. Only locally run Applets can do these advanced things.
• Applets cannot execute other files on your local machine. This prevents an applet from deleting files or running malicious code on your local machine.
• Applets may not be able to define classes that belong to certain packages. Typically, they cannot define classes for the java and sun packages. Also, Netscape does not permit applets to define classes in the Netscape package.