...
| Wiki Markup |
|---|
\[[API 06|AA. Java References#API 06]\] \[[Gong 03|AA. Java References#Gong 03]\] 12.8.3 jarsigner \[[Eclipse 08|AA. Java References#Eclipse 08]\] [JAR Signing|http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code|http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide] \[[Halloway 01|AA. Java References#Halloway 01]\] \[[Flanagan 05|AA. Java References#Flanagan 05]\] Chapter 24. The java.util.jar Package \[[Oaks 01|AA. Java References#Oaks 01]\] Chapter 12: Digital Signatures, Signed Classes \[[Tutorials 08|AA. Java References#Tutorials 08]\] [The JarRunner Class|http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges|http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files|http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html] \[[JarSpec 08|AA. Java References#JarSpec 08]\] Signature Validation \[[Bea 08|AA. Java References#Bea 08]\] \[[Muchow 01|AA. Java References#Muchow 01]\] \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 300|http://cwe.mitre.org/data/definitions/300.html] "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", [CWE ID 319|http://cwe.mitre.org/data/definitions/319.html] "Cleartext Transmission of Sensitive Information", [CWE ID 494|http://cwe.mitre.org/data/definitions/494.html] "Download of Code Without Integrity Check", [CWE ID 347|http://cwe.mitre.org/data/definitions/347.html] "Improperly Verified Signature" |
...
SEC03-J. Do not allow tainted parameters while using use APIs that perform access checks against the immediate caller 01. Platform Security (SEC) SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified