The Microsoft SDK for Java includes signcode, a utility that enables you to sign cabinet files with Java permissions. While encoding permissions inside an applet is optional, it provides the following additional benefits over regular signing:
If an applet is signed in the "old" style (without Java information), the user must choose between running it in the Java "sandbox," or allowing it to be fully trusted. For example, permission signing enables applets to request permission to store only temporary files on the client's disk. Users of a permission-signed applet can allow it to run without worrying that it will have full access to their system.
When Microsoft® Internet Explorer zones are used, applets might automatically receive some permissions when they are downloaded from a certain zone. When an applet is signed with the permissions it needs, the user will not be queried if the zone automatically grants the permissions.
Using signcode, you can sign a cabinet file with one of three security levels. They work together with the zone security levels Microsoft® Internet Explorer to determine what an applet can do.
This section includes the following topics:
Cabinet File Permission Levels describes the three security levels as well as special considerations for cabinet files containing Microsoft® ActiveX® Controls.
Internet Explorer Zones describes the four Microsoft® Internet Explorer zones and the security levels that can be assigned to each.
Determining What an Applet Can Do describes how cabinet file and Internet Explorer zone security levels work together to determine what an applet can do.
Signing a Cabinet File with Java Permissions provides a brief description of the signcode tool and a tutorial on signing cabinet files.
For information on trusted code, see Guidelines for Making Java Code Trusted.