
Java Enabled Browsers

The Web browser itself plays a large role in the security of the system. The Web browser defines and implements a security policy for running downloaded Java code. A Java enabled Web browser will include a Java interpreter and runtime library along with classes added to implement a SecurityManager and various ClassLoaders. From a security standpoint, the Web browser's implementation of the SecurityManager is much more critical than the implementation of the ClassLoaders. How to increase security via the ClassLoader is discussed in Section 4.2.2.

The SecurityManager controls the access to critical system resources. This allows the writer of a Web browser to implement a specific security policy by subclassing the SecurityManager and overriding certain methods, and then installing the new version as the system SecurityManager. Since the subclassed SecurityManager implements the security policy, it is critical that the Web browser's version of the SecurityManager is implemented correctly. In the extreme, if a Java enabled Web browser did not install a system SecurityManager, an Applet would have the same access as a local Java application.

The Web browser's security policy can be made arbitrarily complex since the SecurityManager hooks provide a flexible interface. Any policy that can be programmed can be used. For example, the policy can have the SecurityManager query the user with information regarding any particular requested access.
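
The subclass-and-install pattern described above, as an added example that is not from the original page: `AppletPolicy` and the origin host `applets.example.org` are hypothetical. It uses the classic `java.lang.SecurityManager` API, which newer JDKs deprecate (JEP 411), so it assumes a Java 8 or 11 runtime.

```java
import java.io.FileOutputStream;
import java.security.Permission;

// Added illustration; AppletPolicy and the origin host are hypothetical.
public class AppletPolicy extends SecurityManager {
    private final String originHost; // host the applet was loaded from

    public AppletPolicy(String originHost) { this.originHost = originHost; }

    // In Java 2 and later, every check not overridden below ends up here.
    // This sketch allows by default so the runtime keeps working; a
    // production policy would deny by default and list what is allowed.
    @Override public void checkPermission(Permission perm) {
        // Without this, untrusted code could simply replace the policy.
        if (perm instanceof RuntimePermission
                && "setSecurityManager".equals(perm.getName()))
            throw new SecurityException("policy replacement denied");
    }
    @Override public void checkExec(String cmd) {
        throw new SecurityException("exec denied: " + cmd);
    }
    @Override public void checkWrite(String file) {
        throw new SecurityException("write denied: " + file);
    }
    @Override public void checkDelete(String file) {
        throw new SecurityException("delete denied: " + file);
    }
    // Name comparison only; a real check must also handle IP literals.
    @Override public void checkConnect(String host, int port) {
        if (!originHost.equalsIgnoreCase(host))
            throw new SecurityException("connect denied: " + host);
    }

    public static void main(String[] args) throws Exception {
        // Installing the subclass is what puts the policy into force.
        System.setSecurityManager(new AppletPolicy("applets.example.org"));
        try {
            Runtime.getRuntime().exec("ls");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        try {
            new FileOutputStream("out.txt").close();
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Removing the `System.setSecurityManager` call leaves both operations unguarded, which is the "no system SecurityManager" case the text describes.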




Thu Dec 7 18:26:21 EST 1995