/* POLICY FILE PROPOSED FOR DEBATEDECIDE */ /* YOU CAN EDIT IT AS YOU WANT */ /******************************************** Mon Dec 22 21:52:25 EST 2008 Provided as example by DebateDecide To be stored with the file "debatedecide.certs" in the location specified in "deployment.properties" as a relative path to: (replace [yourname] with your login name) o WinXP: C:\Documents and Settings\[yourname]\Application Data\Sun\Java\Deployment\security\ o Vista: C:\Users\[yourname]\AppData\LocalLow\Sun\Java\Deployment\security\ o MacOS: /Users/[yourname]/Library/Caches/Java/security/ o Linux: /home/[yourname]/.java/deployment/security/ Note: I am not conviced that all OSs look for it there, and not sometimes in the same folder as "deployment.properties" The default keystore is the "trusted.certs" file in that folder **********************************************/ keystore "debatedecide.certs", "JKS"; /* PERMISSIONS FOR DebateDecide Applets */ grant signedBy "deploymentusercert$tsflag2716916312334474739" { permission java.io.FilePermission "${user.home}${/}DebateDecide", "read, write, execute"; permission java.io.FilePermission "${user.home}${/}DebateDecide${/}-", "read, write, delete, execute"; permission java.security.SecurityPermission "putProviderProperty.BC"; permission java.security.SecurityPermission "insertProvider.BC"; permission java.util.PropertyPermission "user.home", "read"; permission java.util.PropertyPermission "user.language", "write"; permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; /* THE FOLLOWING PERMISSION IS REQUESTED IN WINDOWS FOR ACCESSING THE NAME OF THE HOME FOLDER */ permission java.util.PropertyPermission "user.dir", "read"; /* THE FOLLOWING PERMISSION IS REQUESTED IN WINDOWS FOR BROWSING IN THE DebateDecide FOLDER */ permission java.lang.RuntimePermission "modifyThread"; /* THE FOLLOWING PERMISSION IS REQUESTED IN Macintosh FOR BROWSING IN THE DebateDecide FOLDER */ /* This permissions do not allow the applets to even see any other file except for DebateDecide*/ permission java.io.FilePermission "/Users", "read"; permission java.io.FilePermission "${user.home}", "read"; }; /* PERMISSIONS FOR DebateDecide Applets, version if keys change */ grant codeBase "http://debatedecide.org/-" { permission java.io.FilePermission "${user.home}${/}DebateDecide", "read, write, execute"; permission java.io.FilePermission "${user.home}${/}DebateDecide${/}-", "read, write, delete, execute"; permission java.security.SecurityPermission "putProviderProperty.BC"; permission java.security.SecurityPermission "insertProvider.BC"; permission java.util.PropertyPermission "user.home", "read"; permission java.util.PropertyPermission "user.language", "write"; permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; /* THE FOLLOWING PERMISSION IS REQUESTED IN WINDOWS FOR ACCESSING THE NAME OF THE HOME FOLDER */ permission java.util.PropertyPermission "user.dir", "read"; /* THE FOLLOWING PERMISSION IS REQUESTED IN WINDOWS FOR BROWSING IN THE DebateDecide FOLDER */ permission java.lang.RuntimePermission "modifyThread"; /* Konqueror Wants the following permission */ permission java.lang.RuntimePermission "modifyThreadGroup"; /* THE FOLLOWING PERMISSION IS REQUESTED IN Macintosh FOR BROWSING IN THE DebateDecide FOLDER */ /* This permissions do not allow the applets to even see any other file except for DebateDecide*/ permission java.io.FilePermission "/Users", "read"; permission java.io.FilePermission "${user.home}", "read"; }; /* THE FOLLOWING CODE IS THE Legion of the BouncyCASTLE CODE SIGNED BY SUN */ /* THEREFORE YOU CAN TRUST IT */ /* IN FACT, YOU MAY RESTRICT ITS PERMISSIONS, BUT I DID NOT */ /* FIND TIME TO GUESS THE MINIMAL SET OF PERMISSIONS THAT IT NEEDS */ /* IT IS ACTUALLY A GOOD IDEA TO AUTHORIZE THE SUN SIGNED BouncyCastle CRYPTOGRAPHY LIBRARY */ /* INDEPENDENTLY OF THE WEBSITE, SINCE I MAY HAVE TO MOVE IT TO A FASTER SERVER */ grant signedBy "deploymentusercert$tsflag3481505301119860176" { permission java.security.AllPermission; }; /* STILL, YOU CAN GIVE YOURSELF PERMISSIONS */ grant codeBase "http://localhost/-" { permission java.security.AllPermission; /* Here are some that I found*/ permission java.util.PropertyPermission "org.bouncycastle.pkcs1.strict", "read"; }; grant codeBase "https://localhost/-" { permission java.security.AllPermission; };