Why is where Java applets run called a Sandbox?

Jeff Williams

It's a cute name for a sophisticated idea. Java code runs on a "virtual machine" -- the JVM. The JVM translates calls made by your code(written in Java and compiled to bytecode) to the appropriate call on the native platform (Windows, Mac, Solaris, Linux, etc...).

The JVM includes the ability to mediate or stop calls if they violate a security policy. Applets run with this mediation turned on, but you have to turn it on explicitly for applications. So, your code is running in a sandbox where it can play around and do whatever it wants, as long as it doesn't try to violate the security policy by accessing files, creating network connections, stopping the virtual machine, etc...