This page gives an overview of both the restrictions applets face and the special capabilities they have. You'll find more details in the Security Restrictions section.

Security Restrictions

Every browser implements security policies to keep applets from compromising system security. This section describes the security policies that current browsers adhere to. However, the implementation of the security policies differs from browser to browser. Also, security policies are subject to change. For example, if a browser is developed for use only in trusted environments, then its security policies will likely be much more lax than those described here.

Current browsers impose the following restrictions on any applet that is loaded over the network:

• An applet cannot load libraries or define native methods.
• It cannot ordinarily read or write files on the host that's executing it.
• It cannot make network connections except to the host that it came from.
• It cannot start any program on the host that's executing it.
• It cannot read certain system properties.
• Windows that an applet brings up look different than windows that an application brings up.

Each browser has a SecurityManager object that implements its security policies. When a SecurityManager detects a violation, it throws a SecurityException. Your applet can catch this SecurityException and react appropriately.

Applet Capabilities

The java.applet package provides an API that gives applets some capabilities that applications do not have.

Here are some other things that current browers and other applet viewers let applets do:

• Applets can usually make network connections to the host they came from.
• Applets running within a Web browser can easily cause HTML documents to be displayed.
• Applets can invoke public methods of other applets on the same page.
• Applets that are loaded from the local file system (from a directory in the user's CLASSPATH) have none of the restrictions that applets loaded over the network do.