Java Options

Java offers a number of different ways to run Java software. Two of the most common are applets and applications. Webstart is a way of executing applications.

Applets

Applets are designed to provide a safe mechanism for Java code to be run over the internet in a web browser. To be "safe," a number of security restrictions have been placed on applets such as the inability to read or write local files. While applets are generally considered safe, the security limitations significantly impact the usefulness of the applets and make them difficult to write. Because of this many developers have chosen to use alternative technologies such as Flash, Perl and PHP for applications that might have otherwise been well suited to Java.

The benefit of using applets is that all the end user (generally) needs is a Java aware web browser, although even this has been complicated by the legal disputes between Microsoft and Sun.

The trade-off is thus between the safety and convenience of use and the usefulness of the applet. Applets are safer and more convenient, but generally less useful.

This applet does not work on Mac OS X Tiger (Java 1.5) but works with Java 1.42. Use WebStart instead.

Applications

Applications are not restricted in the same way applets are. Applications can be much more powerful because there are no limitations on how they interact with their host computers. That power comes with a price, namely the danger that an application can do something malicious (delete files, etc.) and the necessity of a local Java runtime environment.

The trade-off is thus between the power and flexibility of use and the potential danger and difficulty in setup. Applications are more powerful (and thus useful) but more dangerous and difficult to setup.

Webstart

Webstart is a new technology developed to launch Java applications from a web browser. The idea is to provide the power and flexibility of a Java application with the convenience of a Java applet. Webstart works by reading a .JNLP (Java Network Launch Protocol) file that specifies how an application that resides on a server is to be downloaded and launched on a local computer. For a full description of Webstart view this page.

Note that Webstart does provide means to impose security restrictions on applications that it runs. The developer of the application requests a certain level of permission within the .JNLP file and the user is asked whether the desired permissions should be granted. Webstart applications must also be digitally signed. The assumption is that an application with a valid signature certificate can be trusted more than one without. In general you should not run applications that don't have a valid signature certificate. Of course, in many cases an application developer may not have a certificate to use and thus signs the application with a blank certificate. Webstart will notify the user when this occurs and it is then up to the user to decide whether the developer in question can be trusted.

Which should you use?