为什么签名的小程序更“安全”? 未签名的小程序是否已死?
[英]Why are signed applets more “secure”? Are unsigned applets dead?
问题描述
With Oracle's latest Java update they finally removed the ability of unsigned applets to run without requiring the user to perform manual settings changes (such as adding the website to an exception list). 
通过Oracle的最新Java更新,他们最终取消了未签名小程序的运行能力,而无需用户执行手动设置更改(例如将网站添加到例外列表中)。 Since mucking about with security settings in the Java Control Panel is beyond the average end user, this effectively kills the use of unsigned applets on the web. 由于Java控制面板中涉及安全设置的问题超出了最终用户的平均水平,因此这有效地阻止了Web上未签名小程序的使用。
How did we get here? 我们是怎么来到这里的? I always considered unsigned applets to be the safe variety and signed applets to be scary. 我一直认为未签名的小程序是安全的品种,而签名的小程序很可怕。 Signed applets can see my file system; 签名的小程序可以看到我的文件系统; unsigned applets run in a sandbox, right? 未签名的小程序在沙箱中运行,对吗? I specifically made my applet unsigned so that the end user would feel secure in knowing my app cannot see or act on their file system. 我专门为applet设置了未签名的名称,以便最终用户在知道我的应用无法查看其文件系统或在其文件系统上执行操作时感到放心。 Now that idea seems dead. 现在,这个想法似乎已经死了。
Is there a way to run an unsigned applet without requiring the user perform manual settings changes? 有没有一种方法可以运行未签名的applet,而无需用户执行手动设置更改?
1 个解决方案
解决方案1
0 2014-01-22 15:04:44
I guess the reason behind the move is the lack of trust in the sandbox security due to recent exploits found, and that now a little 'extra' is exiged in the form of a trusted certificate - it's as dumb as saying 'hey, it will break the sandbox anyway, so let's have it signed at least' 我想此举背后的原因是由于最近发现的漏洞导致对沙盒安全性的不信任,而现在以信任证书的形式表现出一些“多余”-傻傻的说“嘿,它将无论如何都要破坏沙盒,所以至少让它签名了'
I don't say it is taking decisions like this out of fear is right... but I think it is what we must cope with 我不是说出于恐惧而做出这样的决定是正确的...但是我认为这是我们必须应对的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.