Impact of System.setSecurityManager(null)

Question

I was facing some issue in Applet. Here is the links for that issue.

java.security.AccessControlException: access denied ("java.security.SecurityPermission&quo

Answer 1

Clearing the security manager in an applet is a really bad idea. If the applet has that permission, then it can do anything as the local user anyway. However, once you clear the security manager that becomes true of all code running in that process, including unsigned applets from other sites. Any applet (signed with a valid certificate) that clears the security manager should be blacklisted.