mailto:[EMAIL PROTECTED]
Dear colleagues,
running a signed browser applet in IE4.01-SP1a (JVM build 3167) based on
the most recent OCF 1.1.1 reference implementation, a security exception
is thrown if the 'CardTerminal' instance used does NOT implement the
'VerifiedAPDUInterface' AND the method 'CardChannel.sendVerifiedAPDU()'
is used by the 'CardService'.
This faulty behaviour is caused by the privileged query
'System.getProperty( ... );' in the protected constructor of
class 'opencard.core.service.CardHolderVerificationGUI' to initialize
the 'BACKGROUND' string attribute (which is not used at all ;-)
In general, an implementation that complies with both the Netscape
Capabilities API and the Microsoft Authenticode-2 security framework
should employ the sequence
SystemAccess sa = SystemAccess.getSystemAccess();
String property = sa.getProperty( ... );
to query a system property value, due to the fact that this operation
runs outside the VM's sandbox. Maybe IBM could fix this in an upcoming
maintenance release.
Greetings.
----------------------------------------------------------------------
Dr.-Ing. Markus A. Stulle - Schleissheimer Stra�e 70 'Java Madman'
D-80797 Muenchen - Germany
Tel./FAX: (+49 89) 520 59 001
GSM: (+49 171) 213 - 70 84
GSM-FAX: (+49 171) 214 - 84 74, GSM-Data: - 86 74
AOL-FAX: (+40) 36 03 - 02 00 16
EMail: [EMAIL PROTECTED], [EMAIL PROTECTED]
-----------+===+------------------------------------------------------
> press |ESC| key once to abort program or twice to continue! <
-----------+===+------------------------------------------------------
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
