On 10/07/2010 08:57 AM, Peter Firmstone wrote:
> Firstly let me say that I like your idea, a feature requiring a jar file
> be signed by a known Certificate, before allowing class loading, I'd
> like to implement it together, if you're interested. This would provide
> good security for parties already known to each other.

Some bad news here, I'm afraid. I did a quick inventory of the classes passed through a TrustVerifier, and it turns out that if you deploy via webstart with signed jars, the classloader does not fill in the CodeSource of the ProtectionDomain. I'm not sure what this means for other verification mechanisms, based on CodeSource. I'm not sure either what kind of hole we open, if we assume codeSource == null means loaded via the local classloader. The normal classloader used when the VM is invoked from the command line provides all classes with codesources. So why webstart doesn't is a mystery to me.

Gr. Sim
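The mail above turns on what a verifier sees in a class's ProtectionDomain. The following is an added illustration, not code from the thread or from the project being discussed: it reads the CodeSource of a loaded class and returns a distinct verdict for the three cases that matter, no CodeSource at all (the Web Start behaviour Sim describes), a CodeSource with no signer certificates, and a CodeSource signed by a certificate that is or is not in a caller-supplied trusted set. The class name CodeSourceCheck, the Verdict enum and the trusted-set constructor are assumptions of this example; the point it makes is that a null CodeSource must be treated as "unknown origin" and fail closed rather than being read as "loaded locally".

```java
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example (hypothetical class, not part of the project): classify a
 * loaded class by the CodeSource its loader attached to its ProtectionDomain.
 */
public final class CodeSourceCheck {

    /** Outcome of inspecting one class's origin. */
    public enum Verdict { NO_CODESOURCE, UNSIGNED, UNTRUSTED_SIGNER, TRUSTED }

    /** Signer certificates the deployer has decided to trust (assumed to be supplied by the caller). */
    private final Set<X509Certificate> trustedSigners;

    public CodeSourceCheck(Set<X509Certificate> trustedSigners) {
        this.trustedSigners = new HashSet<>(trustedSigners);
    }

    public Verdict check(Class<?> cls) {
        ProtectionDomain pd = cls.getProtectionDomain();
        CodeSource cs = (pd == null) ? null : pd.getCodeSource();
        if (cs == null) {
            // The case from the mail: the loader did not record where the class
            // came from. Nothing here proves local origin, so fail closed.
            return Verdict.NO_CODESOURCE;
        }
        // getCertificates() returns the signer chains of the jar concatenated
        // into one array (null or empty for an unsigned jar or a plain directory).
        Certificate[] signers = cs.getCertificates();
        if (signers == null || signers.length == 0) {
            return Verdict.UNSIGNED;
        }
        // X509Certificate.equals compares the encoded certificate, so membership
        // in the trusted set is an exact match on the signer certificate.
        for (Certificate c : signers) {
            if (c instanceof X509Certificate && trustedSigners.contains(c)) {
                return Verdict.TRUSTED;
            }
        }
        return Verdict.UNTRUSTED_SIGNER;
    }

    public static void main(String[] args) {
        // Empty trusted set: nothing can come back TRUSTED in this demonstration run.
        CodeSourceCheck check = new CodeSourceCheck(new HashSet<>());

        // Bootstrap classes carry a ProtectionDomain with no CodeSource.
        System.out.println("java.lang.String   -> " + check.check(String.class));

        // This class, run from an unsigned directory or jar, has a CodeSource
        // but no signer certificates.
        System.out.println("CodeSourceCheck    -> " + check.check(CodeSourceCheck.class));
    }
}
```

When run from the command line, the first line reports NO_CODESOURCE and the second UNSIGNED; the same check applied inside a Web Start deployment is what would expose the behaviour the mail reports, because application classes would then also come back NO_CODESOURCE instead of TRUSTED or UNTRUSTED_SIGNER. Any policy built on CodeSource therefore needs an explicit decision for the null case rather than a default that equates it with the local classpath.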
