Disabling Unsigned Applets Appears to Disable Signed Applets (305830)


The information in this article applies to:

  • Microsoft Internet Explorer version 6 for Windows 98
  • Microsoft Internet Explorer version 6 for Windows 98 Second Edition
  • Microsoft Internet Explorer version 6 for Windows Millennium Edition
  • Microsoft Internet Explorer version 6 for Windows NT 4.0
  • Microsoft Internet Explorer version 6 for Windows 2000
  • Microsoft Internet Explorer version 6 for Windows XP
This article was previously published under Q305830
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you are using the Microsoft Java Virtual Machine version 5.00.3802, the disabling of unsigned applets also appears to disable signed applets.

CAUSE

This behavior can occur because to fix a security vulnerability, it is necessary to give unsigned applets the right to connect to the originating server for any code to run, as before the cab or class file has been downloaded, it is not known what permissions the applet will have. The security vulnerability is described in the following Microsoft Knowledge Base article:

253562 FIX: Untrusted Code Can Access Files on End-User Systems

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To alter this behavior, use either of the following methods.

To Allow All Unsigned Applets

  1. On the Tools menu in Internet Explorer, click Internet Options.
  2. Click the Security tab.
  3. Click Custom Level.
  4. Under Java Permissions, click Custom, click Java Custom Settings, and then click Edit Permissions.
  5. Set "Run Unsigned Content" to Run in Sandbox or Enable, and then click OK until all open dialog boxes are closed.

To Allow Unsigned Applets Only the Right to Connect Back to the Originating Server

  1. Close all browser windows.
  2. Run Regedit.exe on the Zonedon.reg file in the System32 folder to turn on the advanced Java zone settings editor.
  3. On the Tools menu in Internet Explorer, click Internet Options.
  4. Click the Security tab.
  5. Click Custom Level.
  6. Under Java Permissions, click Custom, click Java Custom Settings, and then click Advanced Edit.
  7. Under Unsigned Permission, click Edit.
  8. Go through all of the tabs and disable everything except the non-file URL connect access option on the Network tab and (if you need to run applets from file: URL pages) the access to file URL codebase option on the File tab.
  9. Save your changes, and then close all of the dialog boxes.
NOTE: It is also possible to make the preceding changes by using the Cprmedit.exe tool in the Microsoft Java Software Development Kit.

STATUS

This behavior is by design.

MORE INFORMATION

When you allow unsigned applets the right to connect back to the originating server, they have basic rights to run simple applets which are unable to read from the file system or from the registry.
Modification Type:MajorLast Reviewed:12/5/2003
Keywords:kbenv kbpending kbprb KB305830
©2003 Microsoft Corporation. All rights reserved.