I found this on javasoft here --> http://java.sun.com/products/servlet/whitepaper.html

Wouldn't this same idea apply to .war's? Has anyone here done *anything* with servlets that are digitally signed in some fashion?

Regards,
Steve

"Unlike any other current server extension API, Java Servlets provide strong security policy support. This is because all Java environments provide a Security Manager which can be used to control whether actions such as network or file access are to be permitted. By default, all servlets are untrusted, and are not allowed to perform operations such as accessing network services or local files. However, servlets "built in to" the server, or servlets which have been digitally signed as they were put into Java Archive (JAR) files, may be trusted and granted more permissions by the security manager. A digital signature on executable code indicates that the organization which signed the code "vouches for it" in some sense. Such signatures can't support accountability by themselves, but they do indicate a degree of assurance that may be placed on use of that code. For example, a particular signature from a MIS organization might be required on all code which is granted general access to network services within a corporate intranet. That signature might only be used on code which is strongly believed not to violate particular security policies."

Steve Conover Jr.
http://steve.dreamingtree.net
FAX: (309) 276-8942
