...
Wiki Markup |
---|
In addition, McGraw and Felten \[[McGraw 00|AA. Java References#McGraw 00]\] stress that only privileged code should be signed. They further recommend that, because not all development is done in-house, an organization that signs its code must not vouch for code acquired from a third party. Anything that is not comprehensible must not be signed (see also the related guideline [SEC09SEC32-J. Create and sign a SignedObject before creating a SealedObject]). They suggest using the {{AccessController}} mechanism, wherein only the privileged code (the {{doPrivileged()}} section) ought to be signed. The other code can be left unsigned, which restricts it to the sandbox. |
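The split recommended above, sketched as an added example (not code from this guideline or from McGraw and Felten): the only class that would go into the signed JAR is a small, reviewable wrapper around one {{doPrivileged()}} call, and the caller stays unsigned. The class names, the JAR names in the comments and the property allowlist are assumptions made for illustration, and the example assumes a JDK that still enforces a security policy ({{AccessController}} is deprecated for removal since Java 17).

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Set;

// Packaged alone in the signed JAR (hypothetical name: privileged.jar).
// Kept small enough to be reviewed line by line before it is signed.
final class PrivilegedPropertyReader {
    // Fixed allowlist (assumed values): callers cannot use the privileged
    // block to read arbitrary system properties.
    private static final Set<String> ALLOWED = Set.of("user.timezone", "file.encoding");

    private PrivilegedPropertyReader() {}

    static String read(String key) {
        // Validate before entering the privileged block, never inside it.
        if (key == null || !ALLOWED.contains(key)) {
            throw new SecurityException("property not exposed: " + key);
        }
        // Only this statement runs with the signed code's permissions;
        // the permission check stops at this frame, so the unsigned
        // caller needs no grant of its own.
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(key));
    }
}

// Packaged in an unsigned JAR (hypothetical name: app.jar); it stays in the sandbox.
public class ReportFormatter {
    static String header() {
        return "Report (" + PrivilegedPropertyReader.read("file.encoding") + ")";
    }

    public static void main(String[] args) {
        System.out.println(header());
        try {
            PrivilegedPropertyReader.read("user.home"); // not on the allowlist
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```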
...