El 14/09/13 12:12, Rob escribió: > Another bug failure of the whole "signed code" concept is that even > if it is implemented completely correctly, it only tells you who wrote > the code (even if a name is a unique identification of that person or > entity), it does not tell you what the code is going to do on your > system.
Yes, the page I linked in my previous post explains it well. The problem is that Oracle (and Sun previously) assumes that identifying the author and warning the user about it means that, if the user accepts, the applet can do anything. Instead of that, a list of permissions should be requested, similar to what Android or Firefox OS do. -- Ricardo Palomares (RickieES) http://www.mozilla-hispano.org/ http://www.proyectonave.es/ https://diasp.eu/u/rickiees _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
