What is the Java Security Sandbox?
The "Sandbox"
Java security relies entirely on software technology. Java accepts all
downloaded programs and runs them within a security "sandbox". This can be
looked at as a security fence that surrounds the program and keeps it away
from your private data. As long as that fence has no holes, data is safe.
Java security relies on the software implementing the sandbox to work
correctly. A Java program must play only inside its sandbox. It can do
anything within the boundaries of its sandbox, but it can't take any action
outside of those boundaries. For example, the sandbox for untrusted Java
applets prohibits many activities, including:
- Reading or writing to the local disk
- Making a network connection to any host, except the host from which the
  applet came
- Creating a new process
- Loading a new dynamic library and directly calling a native method
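
The four restrictions listed above, expressed as overrides of java.lang.SecurityManager, the JDK class through which such checks were historically enforced. This is an added example, not code from the original page: the class name AppletStyleSandbox and the host names are hypothetical, the checks are called directly instead of installing the manager, and it assumes a JDK that still ships SecurityManager (deprecated for removal since Java 17).

```java
// Added illustration, not code from the original page.
// AppletStyleSandbox and the example host names are hypothetical.
@SuppressWarnings("removal") // SecurityManager is deprecated for removal since Java 17
public class AppletStyleSandbox extends SecurityManager {
    private final String originHost; // host the untrusted code came from

    public AppletStyleSandbox(String originHost) {
        this.originHost = originHost;
    }

    // Reading or writing the local disk: always refused.
    @Override public void checkRead(String file) {
        throw new SecurityException("read denied: " + file);
    }
    @Override public void checkWrite(String file) {
        throw new SecurityException("write denied: " + file);
    }

    // Network: only the origin host is inside the fence.
    // Simplification: compares host names, not resolved addresses.
    @Override public void checkConnect(String host, int port) {
        if (!originHost.equalsIgnoreCase(host)) {
            throw new SecurityException("connect denied: " + host + ":" + port);
        }
    }

    // Creating a new process.
    @Override public void checkExec(String cmd) {
        throw new SecurityException("exec denied: " + cmd);
    }

    // Loading a dynamic library, the gateway to native methods.
    @Override public void checkLink(String lib) {
        throw new SecurityException("link denied: " + lib);
    }

    // Runs one check and reports whether the sandbox allowed it.
    static String attempt(String label, Runnable check) {
        try { check.run(); return label + ": allowed"; }
        catch (SecurityException e) { return label + ": " + e.getMessage(); }
    }
    public static void main(String[] args) {
        AppletStyleSandbox sb = new AppletStyleSandbox("applets.example.org");
        System.out.println(attempt("read", () -> sb.checkRead("/home/user/notes.txt")));
        System.out.println(attempt("origin", () -> sb.checkConnect("applets.example.org", 80)));
        System.out.println(attempt("other host", () -> sb.checkConnect("other.example.net", 80)));
        System.out.println(attempt("exec", () -> sb.checkExec("/bin/sh")));
        System.out.println(attempt("native", () -> sb.checkLink("nativelib")));
    }
}
```

Only the connection back to the origin host passes; every other attempt ends in a SecurityException, which is the "fence" the text describes.
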
The Java virtual machine (JVM) restricts applets from accessing the local
file system entirely, and this includes stopping applets from reading and
writing files within the local system. This Java "sandbox" defines the
strict security boundaries by which Java programmers are constrained. The
problem is, as time goes by, Java programmers will want more flexibility and
more client access for their programs. To support their needs, the Java
sandbox must be converted into a "playground" in which there are still
constraints, but a little bit more flexibility.
Cathy Malabunga