Re: checkXXX security exceptions

Marianne Mueller (Marianne.Mueller@Eng)
Wed, 20 May 1998 15:31:07 -0700 (PDT)

To: java-security@web2.javasoft.com, jepatro@fedex.com

I'm sorry - before I go home today I will update the FAQ and the
signing examples. We need to make it clear that unfortunately we don't
yet have interoperability with either of the two major browsers.

My stock answer:

--

Unfortunately the JDK 1.1 signing and verification is not supported by the web browsers (Netscape's and Microsoft's). It is supported in HotJava (http://java.sun.com/products/hotjava) and appletviewer.

You can use the Java Plug-In in the browsers to get access to more recent JDK technology (http://java.sun.com/products/plugin). You should be able to use 1.1.x signed applets with the Plug-In plugged into the browsers.

We are working with the Java licensees to get the standard Java signing working for people in an interoperable way.

--

I don't recommend it (since it's for one platform only, and also since the solution is to have programmers modify their code, which is wrong), but you could look at Netscape's way of handling signing and access control.

That URL is http://developer.netscape.com/software/signedobj/index.html

I think the JDK 1.2 security solution is much better, in that you can specify policy external to the JVM and application, not have it hardcoded. You should be able to use the 1.2beta plugin. Info on the 1.2 model is at http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html