...
In addition, McGraw and Felten \[[McGraw 00|AA. Java References#McGraw 00]\] stress that only privileged code should be signed. They further recommend that, because not all development is in-house, an organization that signs its code must not vouch for code acquired from a third party. They suggest using the {{AccessController}} mechanism, wherein only the privileged code (the {{doPrivileged()}} section) ought to be signed. The remaining code can be left unsigned, which confines it to the sandbox. Any code that is incomprehensible or unaudited must not be signed ([SEC32-J. Create and sign a SignedObject before creating a SealedObject|SEC32-J. Create and sign a SignedObject before creating a SealedObject]).
It follows that unprivileged code is not required to be digitally signed and therefore should not be. This practice also complies with guideline SEC00-J. Follow the principle of least privilege.
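As an added illustration (not code from the original page or from the CERT standard), the following sketches the partitioning just described in Java: one small signed class performs a single privileged operation inside {{doPrivileged()}}, while its callers stay unsigned and confined to the sandbox. The jar name, signer alias, policy grant and the {{app.}} property prefix are assumptions chosen for the example.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

/*
 * Deployment assumption (hypothetical names): this class is packaged in
 * privileged.jar, the only jar signed with the "privcode" key. The policy
 * file grants the permission to that signed jar alone, so unsigned callers
 * keep only the default sandbox permissions:
 *
 *   grant signedBy "privcode" {
 *       permission java.util.PropertyPermission "app.*", "read";
 *   };
 */
public final class PrivilegedConfig {

    // Only properties under this prefix may be read on behalf of callers.
    private static final String ALLOWED_PREFIX = "app.";

    private PrivilegedConfig() { }

    /**
     * Reads one application property for unprivileged callers.
     * Only the body of run() executes with this class's own permissions,
     * so the privileged section is kept as small as possible.
     */
    public static String readSetting(final String key) {
        // Validate before elevating: the caller is untrusted sandbox code,
        // so it must not be allowed to name an arbitrary property.
        if (key == null || !key.startsWith(ALLOWED_PREFIX)) {
            throw new IllegalArgumentException("setting not permitted: " + key);
        }
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(key);
            }
        });
    }
}

/* Unsigned sandbox code, shipped in a separate unsigned jar: it holds no
 * PropertyPermission of its own and relies solely on the signed helper. */
class SandboxedCaller {
    String timeout() {
        // Permitted: prefix matches. A request such as "user.home" would
        // be rejected by readSetting() before any privilege is asserted.
        return PrivilegedConfig.readSetting("app.timeout");
    }
}
```

Keeping the validation ahead of the {{doPrivileged()}} call is what makes the unsigned caller's lack of permissions meaningful; signing the whole application instead would extend the grant to code that never needed it.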
...