Java has essentially solved a very difficult technical problem in that a java program cannot exceed its authority as expressed in the language design; and at the same time Java program execution is relatively efficient.

Crude but effective limitations are placed on Java applets summoned by browsers. If my browser fetches and runs an applet, that applet is allowed access to the outside world but is allowed neither to see information on my machine, nor change information there. This is a useful yet very restrictive facility. There is no reason why I should not be able to fetch a Java program from an untrusted site and ask it for its opinion of one of my files without:

There is no reason why I should not be able to fetch an applet from an untrusted site and let it see just a particular file and return what it learns to its site.

Java provides a way for the browser to specify the authority of the applet, but the manner of specification is too coarse grained. It is not whether I want an applet to read or write my files, that I need to specify, but which files.

When a Java routine invokes a subroutine and passes an argument locating an object X, the subroutine can access X by virtue of its parameter value. When I invoke an applet I cannot specify its operands in a similar fashion. Pity.