That is relevant and also not so. Because Java applets silently grant access to a out of sandbox functionality if signed. This is not what I am proposing. I am suggesting a model in which the sandbox model remains intact and users need to explicitly agree to access that would otherwise be prohibited.


On 11/19/2014 12:01 AM, Jeffrey Walton wrote:
On Wed, Nov 19, 2014 at 12:35 AM, Michaela Merz
<> wrote:
Well .. it would be a "all scripts signed" or "no script signed" kind of a
deal. You can download malicious code everywhere - not only as scripts.
Signed code doesn't protect against malicious or bad code. It only
guarantees that the code is actually from the the certificate owner .. and
has not been altered without the signers consent.
Seems relevant: "Java’s Losing Security Legacy", and "Don't Sign
that Applet!",

Dormann advises "don't sign" so that the code can't escape its sandbox
and it stays restricted (malware regularly signs to do so).

Reply via email to