source: What Applets Can and Cannot Do from Oracle website
Unsigned applets can perform the following operations:
- They can make network connections to the host they came from.
- They can easily display HTML documents using the
showDocumentmethod of the
- They can invoke public methods of other applets on the same page.
- Applets that are loaded from the local file system (from a directory in the user’s
CLASSPATH) have none of the restrictions that applets loaded over the network do.
- They can read secure system properties. See System Properties for a list of secure system properties.
- When launched by using JNLP, unsigned applets can also perform the following operations:
- They can open, read, and save files on the client.
- They can access the shared system-wide clipboard.
- They can access printing functions.
- They can store data on the client, decide how applets should be downloaded and cached, and much more. See JNLP API for more information about developing applets by using the JNLP API.
Unsigned applets cannot perform the following operations:
- They cannot access client resources such as the local filesystem, executable files, system clipboard, and printers.
- They cannot connect to or retrieve resources from any third party server (any server other than the server it originated from).
- They cannot load native libraries.
- They cannot change the SecurityManager.
- They cannot create a ClassLoader.
- They cannot read certain system properties. See System Properties for a list of forbidden system properties.
Signed applets do not have the security restrictions that are imposed on unsigned applets and can run outside the security sandbox.