Java offers a number of different ways to run Java software. Two
of the most common are applets and applications.
Webstart is a way of executing applications.
Applets are designed to provide a safe mechanism for Java code to be
run over the internet in a web browser. To be "safe," a number of security
restrictions have been placed on applets such as the inability to read or
write local files. While applets are generally considered safe, the security
limitations significantly impact the usefulness of the applets and make
them difficult to write. Because of this many developers have chosen
to use alternative technologies such as Flash, Perl and PHP for applications
that might have otherwise been well suited to Java.
The benefit of using applets is that all the end user (generally) needs is
a Java aware web browser, although even this has been complicated by the
legal disputes between Microsoft and Sun.
The trade-off is thus between the safety and convenience of use and the
usefulness of the applet. Applets are safer and more convenient, but
generally less useful.
This applet does not work on Mac OS X Tiger (Java 1.5) but works with Java 1.42. Use WebStart instead.
Applications are not restricted in the same way applets are. Applications
can be much more powerful because there are no limitations on how
they interact with their host computers. That power
comes with a price, namely the danger that an application can do something
malicious (delete files, etc.) and the necessity of a local Java runtime
The trade-off is thus between the power and flexibility of use and
the potential danger and difficulty in setup. Applications are more powerful
(and thus useful) but more dangerous and difficult to setup.
Webstart is a new technology developed to launch Java applications from
a web browser. The idea is to provide the power and flexibility of
a Java application with the convenience of a Java applet. Webstart works
by reading a .JNLP (Java Network Launch Protocol) file that specifies how
an application that resides on a server is to be downloaded and launched
on a local computer. For a full description of Webstart view this
Note that Webstart does provide means to impose security restrictions on
applications that it runs. The developer of the application requests a
certain level of permission within the .JNLP file and the user is asked
whether the desired permissions should be granted. Webstart applications
must also be digitally signed. The assumption is that an application with a
valid signature certificate can be trusted more than one without. In general
you should not run applications that don't have a valid signature
certificate. Of course, in many cases an application developer may not
have a certificate to use and thus signs the application with a blank
certificate. Webstart will notify the user when this occurs and it is
then up to the user to decide whether the developer in question can be
Which should you use?
- If you are concerned about the security of your computer system, using the
applet is the best bet. The functionality of the applet is limited, but
does provide the major features. You will not be able to
save any of the work you have done.
- If you are a more trusting sort and you believe that I will not
deliberately damage you computer (I won't, but since you don't know me, are you
sure you trust me?), then you can give Webstart a try.
- If you want to explore the full power of the software, save your work
and use the software in a more intensive manner, then using Webstart is
your best bet.