Professionally sign an applet

I've made a Java applet and I self signed it before, but due to security changes in recent Java updates, self signing no longer gives the applet the necessary permissions. I need the applet to be able to read the local file system to use images and to be able to connect to a MySQL database. The applet used to work with the database when I self signed it, but not anymore. In addition, many unknown users will be using the applet, so I won't have control over their machines.

Where can I get my applet professionally signed and if possible, is there another way to self sign that will make the applet work?

Purchase a certificate from any reputable certificate authority. Use that to sign your code. List of CAs

Or, some companies also do this: Sign the jars themselves, but pre-populate the JDK trust store with your (self created) CA cert. If you have control over the JRE that is installed on all user machines, you can place your certificate in JRE/lib/security/cacerts so that it is trusted ahead of time.

Update: This page (Java Control Panel Documentation) describes what type of signature is required for various client side security level settings:

As long as the applet 'phones home' to the DB & this demo. of the JNLP API file services 1 works for the problem machines you should be set to go for a Plug-In 2 JRE (1.6.0_10+) JRE. And if the client has less than that, they should seriously look to update. The Deployment Toolkit Script can assist with that.

  1. It is relevant in that:
    • It uses a self signed certificate
    • It allows a sand-boxed app. to read/write to the local file system.
    • An applet launched using JWS has access to the API.

This should only be considered a work-around. The correct way to solve the problem is to heed the advice offered to get a certified code certificate. Oracle seems to be heading towards making it so that unsigned or self-signed code will not just be sand-boxed, but entirely forbidden (& that is for the best).

As an aside re. DB access: For the protection of the DB. The applet should be forced to go through a 'public interface' (via the site that hosts the applet). Do not give the applet direct access to the DB. Otherwise hackers also have direct DB access.
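The 'public interface' advice in the answer above, sketched as an added example (not code from the original posts): the site that hosts the applet exposes one narrow HTTP endpoint, and the applet calls it instead of opening a JDBC connection, so no database credentials ship inside the jar. The class name `ScoreGateway`, the `/score` path, the `player` parameter and the in-memory sample data are assumptions made for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: a narrow server-side endpoint between the applet and the database.
public class ScoreGateway {
    // Constructed sample data standing in for the MySQL table; in a real deployment this
    // lookup would be a PreparedStatement run with credentials that never leave the server.
    static final Map<String, Integer> SCORES = Map.of("alice", 1200, "bob", 950);
    // Allow-list for the only parameter the endpoint accepts.
    static final Pattern PLAYER = Pattern.compile("[a-z0-9_]{1,32}");

    // Returns {status, body} for a raw query string such as "player=alice".
    static String[] handle(String query) {
        if (query == null || !query.startsWith("player=")) return new String[]{"400", "bad request"};
        String player = query.substring("player=".length());
        if (!PLAYER.matcher(player).matches()) return new String[]{"400", "bad player name"};
        Integer score = SCORES.get(player);
        return score == null ? new String[]{"404", "unknown player"}
                             : new String[]{"200", String.valueOf(score)};
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/score", ex -> {
            String[] r = "GET".equals(ex.getRequestMethod())
                    ? handle(ex.getRequestURI().getRawQuery())
                    : new String[]{"405", "method not allowed"};
            byte[] body = r[1].getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(Integer.parseInt(r[0]), body.length);
            try (OutputStream os = ex.getResponseBody()) { os.write(body); }
        });
        server.start();
        int port = server.getAddress().getPort();
        // Client side: the request the applet would send to the site that hosts it.
        for (String q : new String[]{"player=alice", "player=Not%20Valid", "player=carol"}) {
            HttpURLConnection c = (HttpURLConnection)
                    URI.create("http://127.0.0.1:" + port + "/score?" + q).toURL().openConnection();
            int code = c.getResponseCode();
            InputStream in = code < 400 ? c.getInputStream() : c.getErrorStream();
            System.out.println(q + " -> " + code + " " + new String(in.readAllBytes(), StandardCharsets.UTF_8));
        }
        server.stop(0);
    }
}
```

Run it with `java ScoreGateway.java` on Java 11 or later; the server binds to loopback on an ephemeral port and the loop plays the applet's role as the client.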
