...
| Wiki Markup |
|---|
According to the Java Tutorials \[[Tutorials 2008|AA. Bibliography#TutorialsReferences#Tutorials 08]\], |
If you are creating applet code that you will sign, it needs to be placed in a JAR file. The same is true if you are creating application code that may be similarly restricted by running it with a security manager. The reason you need the JAR file is that when a policy file specifies that code signed by a particular entity is permitted one or more operations, such as specific file reads or writes, the code is expected to come from a signed JAR file. (The term "signed code" is an abbreviated way of saying "code in a class file that appears in a JAR file that was signed.")
...
| Wiki Markup |
|---|
Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments \[[Fairbanks 07|AA. Bibliography#FairbanksReferences#Fairbanks 07]\] could assist both programmers and static analysis tools. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="383c1f4c1e16822e-6e7b568e-4e594039-9207be8d-d59b287d44dd2e01499644db"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Improperly Verified Signature [XZR] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-300. Channel accessible by non-endpoint (aka "man-in-the-middle") | ||||
| CWE-319. Cleartext transmission of sensitive information | |||
| CWE-494. Download of code without integrity check | |||
| CWE-347. Improper verification of cryptographic signature |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac0abcb3808a4528-e67b4dcf-4a3c4190-8dae966e-2806900eddd5f12d848f129c"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API References#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="965cbf597a909cb3-edfd0ad8-4c164822-93ac98f7-db3c62cd7dbe6cf1cb6f1b9d"><ac:plain-text-body><![CDATA[ | [[Bea 2008 | AA. Bibliography#Bea References#Bea 08]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f29b5f7167a6e3f-88456c68-485f4205-8eeb8946-2ca25fdc0c4ca871f2d865d7"><ac:plain-text-body><![CDATA[ | [[Eclipse 2008 | AA. Bibliography#Eclipse References#Eclipse 08]] | [JAR Signing | http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code | http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide] | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4977cd3efa31029f-4e1ec09f-48364315-b19687a3-5fe7d994be9b1dbe659ec302"><ac:plain-text-body><![CDATA[ | [[Fairbanks 2007 | AA. Bibliography#Fairbanks References#Fairbanks 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cf1ac7d3a965d1ab-f0eb922c-42f643d4-bbdca41e-6043e7fae0309c48725315f1"><ac:plain-text-body><![CDATA[ | [[Flanagan 2005 | AA. Bibliography#Flanagan References#Flanagan 05]] | Chapter 24, The | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6e2b62c0242754d3-a4ca5229-404f4469-94bab095-d9bba24a8289c62cafcaa3b3"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong References#Gong 03]] | 12.8.3, | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9cc69d572ea325af-077f688e-4dca45f7-92df8bc9-db9a822ddec617185e2587d6"><ac:plain-text-body><![CDATA[ | [[Halloway 2001 | AA. Bibliography#Halloway References#Halloway 01]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="587b6cf0a92af04a-0b38a670-45444426-aa17ad63-44f3853578a25743834c2e6e"><ac:plain-text-body><![CDATA[ | [[JarSpec 2008 | AA. Bibliography#JarSpec References#JarSpec 08]] | Signature Validation |
| ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3c6f436587c96b4e-edd83ef5-4aeb440e-82bca7d3-7ecf6ea65c0169bf8196a138"><ac:plain-text-body><![CDATA[ | [[Oaks 2001 | AA. Bibliography#Oaks References#Oaks 01]] | Chapter 12, Digital Signatures, Signed Classes | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4aeec65f363d65fc-2f1523db-47c440e8-9bd8b5fe-4fe0c01c122f66fac1e9599a"><ac:plain-text-body><![CDATA[ | [[Muchow 2001 | AA. Bibliography#Muchow References#Muchow 01]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b7cdb1029ef7357b-83388f12-4d5d490f-bb179023-64ea9f6424567b6e7151e22a"><ac:plain-text-body><![CDATA[ | [[Tutorials 2008 | AA. Bibliography#Tutorials References#Tutorials 08]] | [The | http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges | http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files | http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...