provided by: 
Originally published at Internet.comIn this article, we will explain the Java "Sandbox" model and tell you when it is necessary to cross the restrictions imposed by the model. We will then provide a step-by-step procedure to create an applet, package the applet into a .cab file, create digital certificates (for testing), sign the .cab with digital certificates so that the applet can use features beyond the sandbox model, such as writing to a file on the client machine.
We'll first offer information on signing applets with digital certificates for Internet Explorer and then enumerate the steps for Netscape Communicator.
The Sandbox Model
On the Internet, there are big risks associated with virus attacks against which the virus scanner is helpless. Instead of trying to spot hostile code, Java's security mechanisms prevent attacks by stopping hostile actions. Java's Sandbox model defines actions an applet can safely perform and which it cannot. All commercial browsers conform to this basic policy. Applets are not allowed to:
Digitally Signing an Applet for Microsoft Internet Explorer ...
Read article at Internet.com site