Java Security and file size

[Kenneth P. Turvey]

I'm thinking about working on a project with a friend of mine, but there
are some issues that I'm not sure how to handle. I'm going to break them
into a few different posts since the issues are unrelated to each other
and people may choose to ignore some of them that way.

There first issue is how to handle security for an application that is
running on a third parties machine. The idea is that this application
would be much like an applet. We would like to give the applet permission
to use the file system for scratch pad work, but to limit the access the
applet has.

In particular we would like to limit it to a specific directory, maybe
"/tmp" under Unix and the equivalent under Windows. I know how to handle
this in Java without a problem. The problem comes when we want to limit
how much disk space the applet is allowed to use. We don't want it to
use all the available resources on the client computer. So maybe we limit
it to 100 MB. I don't see how to do this in Java.

Now, it would be just fine to limit the applet to use only a single file
for scratch pad use and to just create that file with a size of 100 MB on
installation. If there is some way to tell Java that it isn't allowed to
expand the file in any way, that would also solve the problem.

Basically we want something like the sandbox for applets, but with access
to the file system on a limited basis.

Is there a way to do this?

Thanks.

Also any references to how to handle security of this type in an
application would be greatly appreciated.

 

[Daniel Pitts]

I'm thinking about working on a project with a friend of mine, but there
are some issues that I'm not sure how to handle. I'm going to break them
into a few different posts since the issues are unrelated to each other
and people may choose to ignore some of them that way.

There first issue is how to handle security for an application that is
running on a third parties machine. The idea is that this application
would be much like an applet. We would like to give the applet permission
to use the file system for scratch pad work, but to limit the access the
applet has.

In particular we would like to limit it to a specific directory, maybe
"/tmp" under Unix and the equivalent under Windows. I know how to handle
this in Java without a problem. The problem comes when we want to limit
how much disk space the applet is allowed to use. We don't want it to
use all the available resources on the client computer. So maybe we limit
it to 100 MB. I don't see how to do this in Java.

Now, it would be just fine to limit the applet to use only a single file
for scratch pad use and to just create that file with a size of 100 MB on
installation. If there is some way to tell Java that it isn't allowed to
expand the file in any way, that would also solve the problem.

Basically we want something like the sandbox for applets, but with access
to the file system on a limited basis.

Is there a way to do this?

Thanks.

Also any references to how to handle security of this type in an
application would be greatly appreciated.

If you're the ones writing the code for the applet, then you have
control over how much disk space it uses. If the applet execute Java
code /not/ written by you, then you will have to use a security manager.
I don't know if there is a way to handle disk quota with a security
manager, but maybe googling for Java Security Manager Disk Quota.

Good Luck,
Daniel.

 

[rossum]

In particular we would like to limit it to a specific directory, maybe
"/tmp" under Unix and the equivalent under Windows. I know how to handle
this in Java without a problem. The problem comes when we want to limit
how much disk space the applet is allowed to use. We don't want it to
use all the available resources on the client computer. So maybe we limit
it to 100 MB. I don't see how to do this in Java.

You can determine the size of a file by using the length() method of
the File class which returns the file size in bytes. Keep track of
the size of every file your applet creates and delete old files when
the limit would be exceeded.

rossum

 

[Kenneth P. Turvey]

You can determine the size of a file by using the length() method of
the File class which returns the file size in bytes. Keep track of
the size of every file your applet creates and delete old files when
the limit would be exceeded.

The problem with this is that the code won't be written by me. I want to
limit the resource usage of code that I didn't write. I think the way to
do this is with a security manager, but I can't seem to find out exactly
how to do it.

 

[Andrew Thompson]

On Oct 24, 1:19 am, "Kenneth P. Turvey" <[email protected]>
wrote:
....

Basically we want something like the sandbox for applets, but with access
to the file system on a limited basis.

javax.jnlp.PersistenceService
<http://www.physci.org/jws/#ps>

The space allowed is suggested* by the application,
but approved by the end-user.

*
<http://java.sun.com/javase/6/docs/jre/api/javaws/jnlp/javax/jnlp/
PersistenceService.html#create(java.net.URL,%20long)>

Andrew T.

 

[Roedy Green]

We would like to give the applet permission
to use the file system for scratch pad work, but to limit the access the
applet has.

Could you not just hard code the restriction into the application? It
would be no harder/easier to bypass by changing the code than any
security sandbox.

 

[Kenneth P. Turvey]

javax.jnlp.PersistenceService
<http://www.physci.org/jws/#ps>

The space allowed is suggested* by the application,
but approved by the end-user.

This probably isn't going to be a web start application, but thanks for
the info.

I think what this really means is that I'm going to have to write a class
that allows for the use of the file system and supports the Security
Context somehow.

We'll see.