Hi,
two colleagues came with an idea that our new java platform should only
run signed code. In the java world I've only seen signed java applets.
From a bit of internet research it looks like any JAR, WAR or EAR can
be signed with jarsigner (maybe all zip files?).
Some sources indicate that this is supported or verified in WebLogic. So
how about Tomcat? Is there any verification of signed code or are there
any configuration flags to enable/enforce/disable this?
I would guess the signature is ignored. Am I wrong?
Thank you,
Stefan Mayr
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
