Microsoft SDK for Java

Determining What an Applet Can Do

When a signed cabinet file is downloaded from a page, the signature is examined to see if it contains permission information. If so, Internet Explorer and the Microsoft virtual machine work together to determine what the applet will be allowed to do. This determination is based on the security level of the zone the cabinet file is downloaded from, the permissions requested in the cabinet signature, and the response of the user, if needed.

If a cabinet file is signed at a certain security level, it will be allowed to run with that level of permission without any intervention from the user, but only if the zone is set at that same level or less secure. However, if a cabinet file is requesting permissions greater than those that can be automatically granted by a zone, the user is presented with a query. If the user agrees to let the applet run, it runs with the signed permissions. Otherwise, the applet will not be allowed to run.

The following table details this behavior.

Zone level Cabinet files signed with this level
  High Medium Low
High Runs in High Query (Yes = Medium) Query (Yes = Low)
Medium Runs in High Runs in Medium Query (Yes = Low)
Low Runs in High Runs in Medium Runs in Low

If the user is presented with a query and denies the request, the applet will not run.

© 1999 Microsoft Corporation. All rights reserved. Terms of use.