Starting STRAP in a Safe Environment:
STRAP is a desktop application. Like Web browsers, text processors or other bioinformatics tools, it runs with full access to the user's account.
The advantage of STRAP being a desktop application is that it can embed bioinformatics software and interact with the standard programs of the desktop environment.
"Built-in security checks"
Before a file is written, deleted or modified, its path is analyzed: it is checked whether certain string patterns are part of the file path or whether the file lies within the working directory. If the check fails, the requested file operation is not performed. This applies to STRAPlite as well as to the full STRAP version.
All dangerous operations are channelled through the class charite.christo.Insecure, where these checks are performed.
There are final local variables that specify whether loading Java code at runtime through a customized ClassLoader is allowed and whether calling native code is permitted. These variables are set to "false" in the STRAPlite version and to "true" in the full version.
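The following is an added illustration, not code from STRAP and not the class charite.christo.Insecure, of how the two kinds of check described above can be combined in Java: a path gate that normalizes the requested path before testing it against a pattern list and against the working directory, plus final switches that refuse runtime class loading and native calls in a restricted build. The class name, method names, the pattern list, the directory names and the sample paths are all constructed for this example. The page does not say whether its string patterns act as an allow-list or a deny-list; this example assumes an allow-list and matches whole path components rather than raw substrings.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Hypothetical file-operation gate in the spirit of the checks the page
 * describes. It is NOT charite.christo.Insecure; all names here are made up.
 */
public final class FileOpGate {

    // Assumption: patterns act as an allow-list and are matched against whole
    // path components, which is tighter than a raw substring test.
    private static final List<String> ALLOWED_COMPONENTS = List.of(".StrapAlign");

    // Switches in the spirit of the page's final variables:
    // false for a STRAPlite-style build, true for the full version.
    static final boolean ALLOW_CUSTOM_CLASSLOADER = false;
    static final boolean ALLOW_NATIVE_CODE = false;

    private final Path workingDir;

    FileOpGate(Path workingDir) {
        // Absolute and normalized, so the component-wise comparison below is sound.
        this.workingDir = workingDir.toAbsolutePath().normalize();
    }

    /** True only if writing, deleting or modifying 'requested' may proceed. */
    boolean isFileOpAllowed(Path requested) {
        // Normalize first: "work/../.ssh/id_rsa" still contains "work" as text,
        // so pattern or prefix tests on the raw request would be fooled.
        Path p = requested.toAbsolutePath().normalize();

        for (Path component : p) {
            if (ALLOWED_COMPONENTS.contains(component.toString())) {
                return true;
            }
        }
        // Path.startsWith compares whole components: with a working directory
        // /home/alice/work, the sibling /home/alice/work2 is rejected.
        return p.startsWith(workingDir);
    }

    /** Gate for loading Java code at runtime through a custom ClassLoader. */
    static void requireCustomClassLoaderPermission() {
        if (!ALLOW_CUSTOM_CLASSLOADER) {
            throw new SecurityException("runtime code loading is disabled in this build");
        }
    }

    /** Gate for calls into native libraries. */
    static void requireNativeCodePermission() {
        if (!ALLOW_NATIVE_CODE) {
            throw new SecurityException("native code is disabled in this build");
        }
    }

    public static void main(String[] args) {
        FileOpGate gate = new FileOpGate(Paths.get("/home/alice/work"));
        // Constructed sample requests: inside the project, inside the settings
        // directory, a traversal attempt, and a sibling directory sharing a prefix.
        List<String> samples = List.of(
                "/home/alice/work/alignment.fasta",
                "/home/alice/.StrapAlign/config",
                "/home/alice/work/../.ssh/authorized_keys",
                "/home/alice/work2/alignment.fasta");
        for (String s : samples) {
            System.out.println(s + " -> " + (gate.isFileOpAllowed(Paths.get(s)) ? "allowed" : "refused"));
        }
        try {
            requireNativeCodePermission();
        } catch (SecurityException e) {
            System.out.println("native call refused: " + e.getMessage());
        }
    }
}
```

The two points a practitioner should take from this: the request is normalized before any pattern or prefix test, because a raw string such as "work/../.ssh/..." passes a naive substring check for "work", and the containment test uses Path.startsWith, which compares whole components, so a sibling directory that merely shares a textual prefix with the working directory is not accepted. In a build corresponding to the full version, the two final switches would be set to true.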
"Trust no program"
This is the slogan of the security program Sandboxie.
If you have concerns about running STRAP because it needs to store data on the hard disk, you will find here simple ways to start it safely.
These concepts also apply to any other program.
- MS-Windows
Sandboxie is a safe environment for running untrusted software on a Windows PC.
Sandboxie is easy to install and allows STRAP or any other program to be started from a sandboxed Web browser.
All programs started from the sandboxed Web browser, STRAP included, are also sandboxed. Hence, they cannot modify files on the PC.
Sandboxie is a layer between the operating system and STRAP, such that all file modifications are performed virtually and never affect important data.
Limitations
- Drag-and-Drop operations with programs outside the sandbox are currently not possible. Drag-and-Drop works only between STRAP and other programs within the sandbox, such as an Explorer launched from Sandboxie. However, it might be implemented in the future. Sandboxie has a forum where you can post a request for the Drag-and-Drop feature.
- Cygwin cannot be used.
- Mac-OS, Linux and UNIX
In multi-user operating systems, access to files is controlled by file permissions and file ownership.
Users can read but cannot modify the files of other users unless the file permissions are explicitly changed.
Files owned by the administrator are usually invisible.
File permissions can be changed with the shell command "chmod" or with the context menu (right-click the file).
Thus, multi-user computer systems provide a very simple way to start programs in a safe environment per se:
create a new user account and start the Web browser under this user.
All programs started from this Web browser will also run under this user account and will have only limited access to your files.
- Virtualization
STRAP will behave well on your computer:
- It does not change the Windows registry.
- It does not install or replace global DLLs.
- It does not change the applications associated with certain file extensions and MIME types.
- It does not create or alter files outside the settings directory ~/.StrapAlign/ (Microsoft architecture: C:\StrapAlign\) and the current STRAP project directory. There are two exceptions:
  - A start script for Pymol is placed on the Desktop.
  - In MS-Windows, packages are added to the Cygwin software list.
  - With Drag-and-Drop, protein files can be copied anywhere.
- It uploads amino acid sequences and protein structures to bioinformatics servers only after getting permission from the user. Sequence names and annotations are not uploaded.
STRAP with restricted permissions
You can run STRAP with restricted permissions. The restrictions include:
- Native code is not executed.
- Only those jar files that are listed in the jnlp file are loaded, because only the boot ClassLoader is used.