During work I've found out that the combination of the Java Plugin 1.4 with the JRE 1.3 doesn't handle certificates properly. An applet signed with an outdated certificate shouldn't be able to get access to the filesystem on the client machine. However this happens when using the named combination. So my applet was able to do some filesystem operations without a valid certificate. For better bugtracking I've generated some files (HTML,JSP,Applet,Certificate) to reproduce this problem.
Here you'll find these files: http://user.cs.tu-berlin.de/~raptor/SecurityFault/
Starting point is the file SecurityFault.html .If you got JBuilder a corresponding project file is included.