Netscape will announce next month an enhancement to Java, called the object signing model, that will allow Java objects access to resources on users' computers that were previously inaccessible.
Java applets run in a secure mode, known as the sandbox, that isolates them from computer resources such as the hard drive. "The Netscape client will present the user with options on what resources the object will be allowed to use," says Eric Greenberg, group security product manager at Netscape. "We broke a wall in the side of the sandbox."
The Java object signing model technology will be made available in "the time frame of the next release of Navigator", Greenberg says.
Navigator 4.0 is scheduled to be previewed at the Netscape Developers Conference in October. The Java object signing model will also provide users with tools that will allow them to sign Java objects, Greenberg says, which will complement not only the sandbox management feature but also existing code-signing initiatives such as Microsoft's AuthentiCode.
Because of built-in security features in the Java programming language, Java-built objects are not currently capable of accessing certain resources on a host computer, such as the hard drive. "What we are doing is giving Java the full range of resource use on a computer," Greenberg says.
Greenberg says that, because of Java language definitions, the sandbox management tool will warn a user before the object causes damage. "With Java classes defined, you can tell what resources will be accessed by an object," Greenberg says. "You would be warned of a drive format, for example."
Greenberg says Netscape is also considering virus scanning and Java class scanning as future features of the Java object signing model.
The AuthentiCode initiative is Microsoft's attempt to deal with security concerns raised by downloading ActiveX components. ActiveX components, unlike Java applets, have access to the entire host computer, including hard drives, but there is no way to limit that access. And ActiveX components can execute functions such as turning off the host computer or erasing or damaging hard drives.
The AuthentiCode initiative allows developers to obtain a certificate through VeriSign that can be presented to the user of the ActiveX component before the user authorises a download. Although Microsoft has argued that security issues with ActiveX are less important than its capability to enable direct interaction with the OS, Netscape can now argue that it has the best of both worlds.
"ActiveX was designed for full access to the system; Java was designed for safety. Now Java can do much of what ActiveX can do," says Martin Haberle, director of technology at Netscape.
Analysts says the key to Java applet security would be high-grade certification. "If a certificate can be tied to the code, then it can shut the door before any harm is done. That will provide real security," says Rob Enderle, an industry analyst at Giga Information Group, in Santa Clara, California.