http://blog.krecan.net/2008/12/16/javafx-security/ Short remarks from Java world Sat, 04 Feb 2012 09:44:38 +0000 hourly 1 http://wordpress.org/?v=3.2.1 http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-940 Lukáš Křečan Sat, 25 Apr 2009 07:07:55 +0000 http://blog.krecan.net/?p=198#comment-940 I don't know what's going on in Sun, but I assume that for Sun it's not a bug but a feature. I don't know what's going on in Sun, but I assume that for Sun it's not a bug but a feature.

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-936 Gregor Tue, 21 Apr 2009 21:06:31 +0000 http://blog.krecan.net/?p=198#comment-936 Is there anything done about this problem at Sun? Is there anything done about this problem at Sun?

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-812 Lukáš Křečan Tue, 06 Jan 2009 08:23:12 +0000 http://blog.krecan.net/?p=198#comment-812 Just small update, I have found this <a href="http://wikis.sun.com/display/PartnerSunPKIstore/Partner+Object+Signing" rel="nofollow">page</a> about partner object signing and this <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6695642" rel="nofollow">bug</a> that explains how “Object Signing CA” works. Just small update, I have found this page about partner object signing and this bug that explains how “Object Signing CA” works.

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-767 Martin Rubeš Wed, 17 Dec 2008 21:39:52 +0000 http://blog.krecan.net/?p=198#comment-767 to Lukas: I guess that the platform can somehow remember that the user approved usage of a signed jar for a certain applet. So this binding must be implemented by browser plug-in. I think that it's quite reasonable to do so. I suppose that it's done this way. Anyway, we can try it... to Lukas: I guess that the platform can somehow remember that the user approved usage of a signed jar for a certain applet. So this binding must be implemented by browser plug-in. I think that it's quite reasonable to do so. I suppose that it's done this way. Anyway, we can try it...

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-762 v6ak Tue, 16 Dec 2008 21:22:51 +0000 http://blog.krecan.net/?p=198#comment-762 To Lukáš Křečan: I have no experience with Java Reflection API. I have never used it. I know what can I do only. I do not know these restrictions in Java Reflection API. To Lukáš Křečan: I have no experience with Java Reflection API. I have never used it. I know what can I do only. I do not know these restrictions in Java Reflection API.

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-761 Lukáš Křečan Tue, 16 Dec 2008 14:53:41 +0000 http://blog.krecan.net/?p=198#comment-761 To v6ak: First of all, I think (I am not sure) that you cann't use the reflection API in the sandbox. And I am not sure how it works with trusted CAs. They are listed in Java Control Panel, in the security tab. But even when I delete all of them, "Object Signing CA" is apparently trusted automatically. I will be glad if someone explain it to me. To v6ak: First of all, I think (I am not sure) that you cann't use the reflection API in the sandbox.
And I am not sure how it works with trusted CAs. They are listed in Java Control Panel, in the security tab. But even when I delete all of them, "Object Signing CA" is apparently trusted automatically. I will be glad if someone explain it to me.

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-760 Lukáš Křečan Tue, 16 Dec 2008 14:47:13 +0000 http://blog.krecan.net/?p=198#comment-760 To Martin: How do you bind application to its library? An application is just bunch of JARs. That could be solved by a modular system. But it is impossible to solve it now (unless you include a jar into other jar). To Martin: How do you bind application to its library? An application is just bunch of JARs. That could be solved by a modular system. But it is impossible to solve it now (unless you include a jar into other jar).

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-759 v6ak Tue, 16 Dec 2008 14:19:05 +0000 http://blog.krecan.net/?p=198#comment-759 The problem is maybe worse than I thought: IMHO You can use also whole applications. Reflection API enables to access more than I thought. BTW Is there any default trusted publisher in default settings? E.g. Sun? The problem is maybe worse than I thought: IMHO You can use also whole applications. Reflection API enables to access more than I thought.
BTW Is there any default trusted publisher in default settings? E.g. Sun?

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-758 Martin Rubeš Tue, 16 Dec 2008 14:15:21 +0000 http://blog.krecan.net/?p=198#comment-758 The trusted library should be trusted only in the context of the application which the library uses otherwise it's serious security issue. The trusted library should be trusted only in the context of the application which the library uses otherwise it's serious security issue.

]]> http://blog.krecan.net/2008/12/16/javafx-security/comment-page-1/#comment-756 Lukáš Křečan Tue, 16 Dec 2008 13:12:00 +0000 http://blog.krecan.net/?p=198#comment-756 To v6ak: That's an interesting idea and I think it is possible. You can even take a signed applet and use it as a library in your applet. Sounds dangerous. To v6ak: That's an interesting idea and I think it is possible. You can even take a signed applet and use it as a library in your applet. Sounds dangerous.

]]>