3.1.4 Security in Applets

The SQLPermission class provides a mechanism for ensuring that only authorized users can enable a log file for a connection that was created using the DriverManager class. Without this security measure, if an application is running in an applet, it is theoretically possible for an unauthorized user to access the log file and get information such as the hard-coded driver class name and other data.
Starting with the Java 2 SDK, Standard Edition, version 1.3, in the presence of a Security Manager, a logging stream can be set only if the proper permission has been granted. Normally this permission will be set using the tool PolicyTool, which can be used to grant the permission java.sql.SQLPermission "setLog". For more information on security managers, see the following URL:
http://java.sun.com/j2se/1.3/docs/guide/security/smPortGuide.html
Note that this security measure is not necessary for Connection objects created using a DataSource object, so setting a logging stream for a such a connection does not require any permissions.