[ 
https://issues.apache.org/jira/browse/IO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017883#comment-14017883
 ] 

Sebb edited comment on IO-445 at 6/4/14 5:16 PM:
-------------------------------------------------

We could of course add this to the parent pom, but won't this bypass any 
security checks in the browser?
Is that something we want to do? Should we not perform some kind of security 
analysis first?

The "Application Name" field looks safe enough to add (though it is optional 
anyway). I'm not sure about the rest.

According to the linked article, Codebase cannot be "*"
{quote}
An asterisk \(*) can be used as a wildcard only at the beginning of the domain 
name, and cannot be used with only a top-level domain, such as *.com. 
{quote}

So I don't see how we can possibly provide a Codebase that works for all users.

I suspect these values need to be set up by the person who wants to use the jar.



> attributes are missing in MANIFEST.MF
> -------------------------------------
>
>                 Key: IO-445
>                 URL: https://issues.apache.org/jira/browse/IO-445
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 2.4
>            Reporter: Jeff Yu
>            Priority: Critical
>
> We are encountering an issue using commons-io-2.4.jar inside an applet.
> Since 7U45 of Java, the MANIFEST of a jar used inside an applet must be 
> complete.
> 3 attributes are missing in the MANIFEST
> Trusted-Library : true
> Application-Name : <<as you want>>
> Permissions : all-permissions (or less if you want to be precise)
> Codebase : *
> see : 
> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html
> Without these attributes, the JRE refuses to execute an applet containing 
> commons-io-2.4.jar.
> Could you please fix that in order to make these two jars usable inside an 
> applet?
> Thanks
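
Added example (not part of the original message and not Commons IO code): a deployer-side check that reads a jar's META-INF/MANIFEST.MF and reports which of the four attributes named in the report are absent, and whether Permissions or Codebase carry the unrestricted values the report proposes. The helper names and the two sample manifests are constructed for illustration.

```python
import io
import zipfile

# Attributes named in the issue report above.
APPLET_ATTRS = ("Trusted-Library", "Application-Name", "Permissions", "Codebase")

def parse_main_section(manifest_text):
    """Return the main-section attributes of a MANIFEST.MF as a dict."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line:                       # blank line ends the main section
            break
        if line.startswith(" ") and last:  # continuation of a wrapped value
            attrs[last] += line[1:]
            continue
        name, _, value = line.partition(":")
        last = name.strip()
        attrs[last] = value.lstrip()
    return attrs

def audit_jar(jar_bytes):
    """Return (missing attributes, unrestricted values found) for one jar."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    # Manifest attribute names are case-insensitive, so compare in lower case.
    attrs = {k.lower(): v.strip() for k, v in parse_main_section(text).items()}
    missing = [a for a in APPLET_ATTRS if a.lower() not in attrs]
    unrestricted = []
    if attrs.get("permissions", "").lower() == "all-permissions":
        unrestricted.append("Permissions: all-permissions")
    if attrs.get("codebase") == "*":
        unrestricted.append("Codebase: *")
    return missing, unrestricted

def build_sample_jar(manifest_text):
    """Constructed sample: an in-memory jar holding only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

# Constructed manifests: a plain library jar and a jar repackaged by a deployer.
LIBRARY = "Manifest-Version: 1.0\r\nImplementation-Title: sample-lib\r\n\r\n"
DEPLOYED = ("Manifest-Version: 1.0\r\nApplication-Name: Sample Applet wi\r\n"
            " th wrapped name\r\nPermissions: all-permissions\r\n"
            "Codebase: *\r\n\r\n")

if __name__ == "__main__":
    for label, text in (("library", LIBRARY), ("deployed", DEPLOYED)):
        print(label, audit_jar(build_sample_jar(text)))
```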


