Solved

Signing an applet for Netscape and IE

Posted on 2001-06-04
Last Modified: 2010-03-31
I am currently developing a small applet. It needs to be able to create some shortcuts on the client's machine, in the user's Start Menu and Desktop (The applet is intended only for use on Windows machines).

As the applet needs to create files, and access the user.home system property, it needs to be signed, which is where I'm experiencing difficulty.

Originally, I intended to implement the applet for the Java plug in, as I felt that would provide the best cross browser solution. Plus, I'd only have to sign the applet once, for all browsers.

However, as I later discovered, the plug in consists of a 4MB download. Which is basically too large, considering the small size and simple purpose of the applet.

Thus, unless anyone can suggest any better ideas, I'm forced to implement the applet for the internal JVMs offered by IE and Netscape.

So, I have some questions:

1. Would I need to provide two applets, one signed for Netscape, and one for IE, or is there a way to sign a 1.1 applet for both browsers?

2. What is the best certificate to use?

3. Can I use the same certificate for both browsers?

4. What software should I use to sign the applet?

5. Can I use Microsoft's Java SDK to sign a Sun applet?

Any information would be great, as I'm really stuck on this one.

Many thanks,

Rob
Question by:robbiemorgan

Accepted Solution

by: objects (earned 150 total points)
ID: 6154318
Here are a couple of references that might help.

http://www.jguru.com/faq/view.jsp?EID=35804
http://www.jguru.com/faq/view.jsp?EID=35936

Sorry I couldn't be of more assistance, good luck :)

Expert Comment

by:sudhakar_koundinya
ID: 6155015
What Applets Can and Can't Do
http://java.sun.com/docs/books/tutorial/applet/overview/security.html

How to Sign Java Code
http://www.securingjava.com/appdx-c

Signed Applet Example
http://www.suitable.com/Doc_CodeSigning.shtml

Security and Signed Applets
http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html

Creating Signed, Persistent Java Applets
http://www.ddj.com/articles/1999/9902/9902h/9902h.htm

Security and Signed Applets
http://java.sun.com/docs/books/tutorial/post1.0/whatsnew/security.html 

http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/jarsigner.html#SFFile

http://java.sun.com/security/signExample/index.html


Signing applets :-

http://www.ddj.com/articles/1999/9902/9902h/9902h.htm 
http://java.sun.com/security/signExample/index.html





http://java.sun.com/docs/books/tutorial/applet/overview/security.html 

Code signing resources:

Creating Signed, Persistent Java Applets
http://www.ddj.com/articles/1999/9902/9902h/9902h.htm 

http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html 
http://java.sun.com/security/signExample/index.html 
http://www.verisign.com/library/guide/developer/signing/index.html 
http://www.suitable.com/Doc_CodeSigning.shtml 
http://www.securingjava.com/appdx-c/ 
http://tactika.com/realhome/javaht/java-s1.html 
http://www.fastlane.net/~tlandry/javafaq.txt 

MS:
http://www.thawte.com/support/developer/ms.html 
http://www.developer.com/journal/techworkshop/curr.html 
http://www.verisign.com/library/guide/developer/authenticode/index.html 
http://msdn.microsoft.com/library/psdk/crypto/cryptotools_6cdv.htm 
http://msdn.microsoft.com/library/psdk/crypto/portaltool_3u3p.htm 

NN:
http://developer.netscape.com/docs/manuals/signedobj/ 
http://developer.netscape.com/docs/manuals/signedobj/javadoc/Package-netscape_security.html 
http://developer.netscape.com/docs/manuals/signedobj/targets/contents.htm 
http://developer.netscape.com/support/faqs/objfaq.html 
http://developer.netscape.com/docs/manuals/deploymt/4_5PREFS.HTM 

NN: Bypass the need for a certificate
Netscape provides a way to accept a codebase as trusted (then a certificate is not needed). This can
be useful during development or in a private Intranet. In the Netscape Users directory, there is a file
called prefs.js. Adding the line

user_pref("signed.applets.codebase_principal_support", true);

will enable a JAR file without a certificate to request privileges on your machine. If you agree, it will
be possible for an Applet to launch a program, write a file on your hard disk or print on the printer.
You will still have to ask for privileges in your program using the Netscape capabilities classes.

Another way is to lower the general security setting to allow more freedom when running applets locally.
Add or modify the following entries in the prefs.js:

user_pref("unsigned.applets.low_security_for_local_classes", true);
user_pref("signed.applets.local_classes_have_30_powers", true);
user_pref("signed.applets.low_security_for_local_classes", true);
user_pref("signed.applets.verbose_security_exception", true);

Then you don't need to ask for privileges for local classes.
When adding or modifying the file prefs.js, Netscape must not be running because your modification will
be overwritten. So shut down Netscape, edit the prefs.js and then restart Netscape.


Running signed applets with the Java™ Plug-in
http://www.suitable.com/CodeSigningSignPlug.shtml 
http://java.sun.com/security/signExample/index.html 

http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html 

DEPLOYING RSA SIGNED APPLETS IN JAVA™ PLUG-IN 1.2.2
http://java.sun.com/products/plugin/1.2/docs/nsobjsigning.html 
http://java.sun.com/docs/books/tutorial/security1.2/toolsign/index.html 
 

Regards

Koundinya
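
Added example, not part of the comment above and not Netscape tooling: a small Node.js audit that reads the text of a prefs.js and reports which of the preferences named in that comment are effectively set to true, so a development workstation can be checked before it goes back onto a general network. The helper name, the notes and the sample file are constructed for illustration, and it assumes a later user_pref line overrides an earlier one for the same name.

```javascript
// Preference names are taken from the comment above; the notes paraphrase it.
const RELAXED_PREFS = new Map([
  ['signed.applets.codebase_principal_support',
    'JARs without a certificate may request privileges'],
  ['unsigned.applets.low_security_for_local_classes', 'lowered security for local classes'],
  ['signed.applets.local_classes_have_30_powers', 'lowered security for local classes'],
  ['signed.applets.low_security_for_local_classes', 'lowered security for local classes'],
  ['signed.applets.verbose_security_exception', 'listed with the local-class entries'],
]);

// Hypothetical helper: returns the page-named prefs whose effective value is true.
function auditPrefs(text) {
  // Ignore commented-out entries (block comments and whole-line // comments).
  const code = text.replace(/\/\*[\s\S]*?\*\//g, '').replace(/^\s*\/\/.*$/gm, '');
  // \s* also spans newlines, so an entry wrapped across two lines still matches.
  const entry = /user_pref\(\s*"([^"]+)"\s*,\s*([^)]*?)\s*\)\s*;/g;
  const effective = new Map(); // assumption: the last user_pref for a name wins
  for (const m of code.matchAll(entry)) effective.set(m[1], m[2]);
  const findings = [];
  for (const [name, value] of effective) {
    if (RELAXED_PREFS.has(name) && value === 'true') {
      findings.push({ name, note: RELAXED_PREFS.get(name) });
    }
  }
  return findings;
}

// Constructed sample prefs.js (not taken from a real profile).
const SAMPLE_PREFS = [
  '// Netscape User Preferences',
  'user_pref("browser.startup.homepage", "http://intranet.example/");',
  'user_pref("signed.applets.codebase_principal_support", true);',
  'user_pref("unsigned.applets.low_security_for_local_classes",',
  'true);',
  '// user_pref("signed.applets.local_classes_have_30_powers", true);',
  'user_pref("signed.applets.low_security_for_local_classes", true);',
  'user_pref("signed.applets.low_security_for_local_classes", false);',
].join('\n');

for (const f of auditPrefs(SAMPLE_PREFS)) console.log(`${f.name}: ${f.note}`);
```

On the sample, the wrapped entry is still detected, the commented-out entry is ignored, and the entry later reset to false is not reported.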

Author Comment

by:robbiemorgan
ID: 6171950
Just the ticket :)