Unfortunately I only tried it on the Javaplugin, not the JVM.
Dan

-----Original Message-----
From: Haripriya Kanduri [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 27, 2001 7:10 AM
To: Christophe Muller
Cc: Dan HOLMDAHL [GEMPLUS]; [EMAIL PROTECTED]
Subject: Re: [OCF] Using reader in browser


Hi All,

I am working on an authentication component and we are planning to go for a
new smart card based authentication scheme. I am in the feasibility study.
I am using OCF, GPK8000 and GCR410. I tried it with Javaplugin1.2 and 1.3
and it is working fine. With browser JVM while making it an applet, I am
facing problems. From the previous mails I could make out that browser
applet based smart card authentication does not work fine. Before closing
on my feasibility study, I need a confirmation that it is not possible with
an applet running in the browser's JVM.
Please reply,

Regards
Haripriya


Christophe Muller wrote:

> Hello,
>
> Dan Holmdahl wrote:
> >
> > Solution to using multiple jar files:
> > <PARAM NAME = ARCHIVE VALUE =
> > "MyOCFApplet.jar,base-core.jar,base-opt.jar,gemplus-rad-terminals.jar,gemplus-terminals-4.1.jar,gemplus-util.jar,pcsc_wrapper.jar,..."
> >
>
> Thanks for sharing the info. I will add this question to the FAQ
> I'm currently writing (about OCF in browser applets).
>
> Another solution of course is to "pre-install" the middleware
> components and drivers (Card{Terminals,Services}) on the client
> machine and just deploy the final application in an applet form.
> (then security issues are the same as for any application
> or library deployment, and might also involve signing etc. but
> at least it's made once and for all).
>
> > With all this data to transfer to a client PC an interesting article to
> > look at is:
> > http://www-106.ibm.com/developerworks/library/j-javapush/?dwzone=java
>
> Also there is a new technology pushed by Sun called "Java Web Start",
> which I didn't have time to use yet.
>
> > An advantage of an intranet is you don't really need to sign these
> > jars. Just somehow (I have not decided the best way yet) modify the
> > user's .java.policy file with something like:
> > grant codeBase
> >   permission java.security.AllPermission;
> > whatever your codeBase may be, and however fine you wish to assign
> > permissions.
>
> I tend to disagree with this method! unless for development/testing
> for a programmer. I would not open all doors like this even on an
> intranet, because today intranets often extend to be VPNs (i.e.,
> Virtual Private Networks) in which people connect from an external
> machine, and I think that we should always add the two means: 1) a
> firewall for protecting the entire intranet, and 2) specific
> protection for each machine, e.g., turning unnecessary servers off,
> setting minimum security policy, etc.
>
> I have included as attachment the ".java.policy" file I was using
> to run OCF with the plugin. The rights are granted for accesses that
> depend on the type of platform -Linux for me-, JDK, etc. and so they
> have to be adapted. If somebody wants to send me a typical policy
> file for Windows/Plugin (or maybe two: one for the CommAPI-based
> CardTerminals and one for the PC/SC wrapper), I would include it/them
> into the FAQ.
>
> Cheers,
> Christophe.
>
>  = On the side of the software box, in the system requirements =
>  = section it said "Requires Windows 95 or better." ...        =
>  = So I installed FreeBSD.     -- [EMAIL PROTECTED]            =
> --
> -------------------------------------------------------------
> [EMAIL PROTECTED] - Gemplus Research Lab
> Phone: +33 4-42-36-57-83 | Disclaimer: I don't speak for Gemplus
> Gemplus doesn't speak for me... it is better that way!
> -------------------------------------------------------------
>
>   ------------------------------------------------------------------------
> // this keystore is to store our certificates
> keystore ".keystore";
>
> // a grant entry suitable for the OCF applets
> // allows ALL applets that were signed by "cm" to carry out the following actions
>
> grant signedBy "cm" {
>     /* TEST with AllPermission */
>     /*permission java.security.AllPermission;*/
>
>     // read and write arbitrary (including sensitive) system properties
>     permission java.util.PropertyPermission "*", "read,write";
>
>     // read the 'opencard.properties' file in the standard locations
>     permission java.io.FilePermission "${java.home}/lib/opencard.properties", "read";
>     permission java.io.FilePermission "${user.home}/.opencard.properties", "read";
>     permission java.io.FilePermission "${user.dir}/opencard.properties", "read";
>     permission java.io.FilePermission "${user.dir}/.opencard.properties", "read";
>
>     // read the 'javax.comm.properties' file in the standard location
>     permission java.io.FilePermission "${java.home}/lib/javax.comm.properties", "read,write,delete";
>     permission java.io.FilePermission "${java.home}/lib/Gempluscardterminal.properties", "read,write,delete";
>
>     // read the Comm API driver implementation in the standard locations (e.g., Blackdown & IBM)
>     permission java.io.FilePermission "${java.home}/lib/ext/libSerial.so", "read";
>     permission java.io.FilePermission "${java.home}/lib/ext/i386/libSerial.so", "read";
>     permission java.io.FilePermission "${java.home}/bin/libibmcomm.so", "read";
>     permission java.io.FilePermission "${java.home}/lib/ext/libibmcomm.so", "read";
>     permission java.io.FilePermission "${java.home}/lib/ext/x86/libibmcomm.so", "read";
>
>     // access the serial port devices
>     permission java.io.FilePermission "/dev", "read,write";
>     permission java.io.FilePermission "/dev/lp0", "read,write";
>     permission java.io.FilePermission "/dev/lp1", "read,write";
>     permission java.io.FilePermission "/dev/lp2", "read,write";
>     permission java.io.FilePermission "/dev/ttyS0", "read,write";
>     permission java.io.FilePermission "/dev/ttyS1", "read,write";
>     permission java.io.FilePermission "/dev/ttyS2", "read,write";
>     permission java.io.FilePermission "/dev/ttyS3", "read,write";
>
>     // dynamically load native libraries
>     permission java.lang.RuntimePermission "loadLibrary.*";
>
>     // get access to declared constructors/methods/fields via reflection API
>     permission java.lang.RuntimePermission "reflect.declared.*";
> };
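
The contrast in this thread between a blanket `AllPermission` grant and a permission-by-permission policy can be checked mechanically before a `.java.policy` file is deployed. The following is an added example, not part of the original messages or of OCF: a small Python linter whose rule list and sample policy are constructed for illustration (the `intranet.example` codeBase is a placeholder).

```python
import re

# Over-broad permissions to flag. This rule list is an assumption made for
# the example, not an official or complete list.
RULES = [
    (r'java\.security\.AllPermission', "AllPermission disables the sandbox"),
    (r'java\.util\.PropertyPermission\s+"\*"\s*,\s*"[^"]*write',
     "write access to every system property"),
    (r'java\.lang\.RuntimePermission\s+"loadLibrary\.\*"',
     "may load any native library"),
    (r'java\.io\.FilePermission\s+"<<ALL FILES>>"', "access to every file"),
]

# grant <header> { <body> };  Quoted strings are consumed whole so that
# "${java.home}" inside a path is not mistaken for the closing brace.
GRANT = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;')

def strip_comments(text):
    """Drop // and /* */ comments, leaving quoted strings (URLs, paths) intact."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return re.sub(r'"[^"]*"|/\*.*?\*/|//[^\n]*', keep, text, flags=re.S)

def audit_policy(text):
    """Return (grantee, finding) pairs for each over-broad grant entry."""
    findings = []
    for header, body in GRANT.findall(strip_comments(text)):
        who = header.strip() or "<any code>"
        if not header.strip():
            findings.append((who, "no signedBy or codeBase: applies to all code"))
        findings += [(who, why) for pat, why in RULES if re.search(pat, body)]
    return findings

# Constructed sample: a blanket grant beside a narrowed, signed one.
SAMPLE = '''
keystore ".keystore";
grant codeBase "http://intranet.example/ocf/-" {
    permission java.security.AllPermission;
};
grant signedBy "cm" {
    /*permission java.security.AllPermission;*/
    permission java.io.FilePermission "${user.home}/.opencard.properties", "read";
    permission java.io.FilePermission "/dev/ttyS0", "read,write";
    permission java.lang.RuntimePermission "loadLibrary.*";
};
'''

if __name__ == "__main__":
    for who, why in audit_policy(SAMPLE):
        print(f"{who}: {why}")
```

Commented-out permissions are ignored, so a policy that keeps `AllPermission` only as a disabled test line is not flagged for it.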




---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
