...
According to the Java Tutorials [Tutorials 2008]:
If you are creating applet code that you will sign, it needs to be placed in a JAR file. The same is true if you are creating application code that may be similarly restricted by running it with a security manager. The reason you need the JAR file is that when a policy file specifies that code signed by a particular entity is permitted one or more operations, such as specific file reads or writes, the code is expected to come from a signed JAR file. (The term "signed code" is an abbreviated way of saying "code in a class file that appears in a JAR file that was signed.")
...
Not verifying the digital signature either manually or programmatically can lead to the execution of malicious code.
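A programmatic check of the kind this sentence refers to, as an added example (not code from this guideline or from the Java Tutorials). The class name `SignedJarCheck`, the method name and the `trustedSigners` parameter are assumptions: the caller supplies the set of signer certificates it is willing to accept.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper class; its name and the trustedSigners parameter are assumptions.
public final class SignedJarCheck {
    // The manifest and signature block files are not themselves signed entries.
    private static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(java.util.Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }
    // Throws SecurityException unless every entry is signed by a certificate in trustedSigners.
    public static void requireTrustedSignature(String jarPath, Set<Certificate> trustedSigners)
            throws IOException {
        // verify=true: digests and signatures are checked as each entry is read.
        try (JarFile jar = new JarFile(jarPath, true)) {
            if (jar.getManifest() == null) {
                throw new SecurityException("No manifest, JAR is unsigned: " + jarPath);
            }
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                // Signers are known only after a full read; a modified entry throws SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    throw new SecurityException("Unsigned entry: " + entry.getName());
                }
                boolean trusted = false;
                for (CodeSigner signer : signers) {
                    Certificate leaf = signer.getSignerCertPath().getCertificates().get(0); // signer's own cert
                    trusted |= trustedSigners.contains(leaf);
                }
                if (!trusted) {
                    throw new SecurityException("Untrusted signer for: " + entry.getName());
                }
            }
        }
    }
}
```

`JarFile` verification only proves that entries match the signature in the archive; comparing the signer certificate against a known set is what ties the code to a trusted entity. For the manual check, `jarsigner -verify -verbose -certs` reports the same per-entry signer information.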
Rule Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC19-J | high | probable | medium | P12 | L1 |
...