Applet security redux.

I have finally come upon a solution that is less expensive than paying the $200 plus $100/year to Thawte for a digital certificate. I just put the following into my Java Plugin JRE’s java.security file:

   grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
       permission java.security.AllPermission;
   };

Now, this is fine for me because I trust myself. But, for example, what if Anthony Eden were to ask his users to do this, substituting roller.anthonyeden.com for rollerweblogger.org in the above snippet? Anthony would be asking his users to trust in the following things:

  • Neither Howard Kistler, Dave Johnson, nor Anthony Eden has put any malicious code in Ekit

  • An evil hacker will not break into Anthony’s site and replace ekitapplet.jar with malicious code

Is that too much to ask of Anthony’s Roller users? If it is, then we need to buy a certificate for Ekit and hope that this one certificate would be good for all Roller users.

BTW, this is my first Ekit post using Mozilla.

[Blogging Roller]

Presumably, even with a certificate, users would still have to trust that none of the authors had put any malicious code into it? All the certificate does is assert where it came from. You are still required to trust the source.
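
To see which of these trust assumptions a given policy file actually makes, the sketch below lists every grant of AllPermission and says what each one relies on. It is an added example, not code from the quoted post or from Roller or Ekit; the function names are hypothetical, and every sample entry except the first (the grant quoted above) is constructed.

```python
import re

# Constructed sample: entry 1 is the grant from the post; the rest are made up.
SAMPLE_POLICY = '''
// constructed policy file for the example
grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
    permission java.security.AllPermission;
};
grant signedBy "examplesigner", codeBase "https://example.invalid/app.jar" {
    permission java.security.AllPermission;
};
grant codeBase "http://example.invalid/viewer.jar" {
    permission java.util.PropertyPermission "user.home", "read";
};
'''

QUOTED = r'"[^"]*"'
# Quoted strings are skipped as units so "${user.home}" or "http://" inside
# them is not mistaken for a brace or a comment.
GRANT_RE = re.compile(
    r'\bgrant\b(?P<head>(?:%s|[^{"])*)\{(?P<body>(?:%s|[^}"])*)\}' % (QUOTED, QUOTED),
    re.I)
COMMENT_RE = re.compile(QUOTED + r'|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(text):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return COMMENT_RE.sub(keep, text)

def field(name, head):
    m = re.search(name + r'\s+"([^"]*)"', head, re.I)
    return m.group(1) if m else None

def audit_policy(text):
    """Return (codeBase, signedBy, reasons) for each grant of AllPermission."""
    findings = []
    for m in GRANT_RE.finditer(strip_comments(text)):
        if not re.search(r'\bpermission\s+java\.security\.AllPermission\b', m.group('body')):
            continue
        codebase, signer = field('codeBase', m.group('head')), field('signedBy', m.group('head'))
        reasons = []
        if signer is None:
            reasons.append('unsigned: trust rests on the download location alone')
            if codebase is None:
                reasons.append('no codeBase: applies to all code')
            elif codebase.lower().startswith('http://'):
                reasons.append('plain HTTP: the jar can be replaced in transit')
        else:
            reasons.append('signed: origin is asserted, authors are still fully trusted')
        findings.append((codebase, signer, reasons))
    return findings

if __name__ == '__main__':
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

The signed entry is still reported, since a signature only asserts origin and the grant trusts the signer with everything.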
