...
| Wiki Markup |
|---|
According to the Java Tutorials \[[Tutorials 2008|AA. Bibliography#TutorialsReferences#Tutorials 08]\], |
If you are creating applet code that you will sign, it needs to be placed in a JAR file. The same is true if you are creating application code that may be similarly restricted by running it with a security manager. The reason you need the JAR file is that when a policy file specifies that code signed by a particular entity is permitted one or more operations, such as specific file reads or writes, the code is expected to come from a signed JAR file. (The term "signed code" is an abbreviated way of saying "code in a class file that appears in a JAR file that was signed.")
...
| Wiki Markup |
|---|
Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments \[[Fairbanks 07|AA. Bibliography#FairbanksReferences#Fairbanks 07]\] could assist both programmers and static analysis tools. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b31318f80e0d919e-b015ed4c-490b4c44-bc1dbe9c-892fdd3f7dfbe9ced445e6f6"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Improperly Verified Signature [XZR] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-300. Channel accessible by non-endpoint (aka "man-in-the-middle") | ||||
| CWE-319. Cleartext transmission of sensitive information | |||
| CWE-494. Download of code without integrity check | |||
| CWE-347. Improper verification of cryptographic signature |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9c2bf6cbce8e87b0-ba496a0b-482247e2-8df1a60e-9df05183e8e26dfd0ca6cc1a"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API References#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6437d2ce6cfb23e1-3fed1834-41534e58-9ee9a551-1572991a250e38f10ef5a790"><ac:plain-text-body><![CDATA[ | [[Bea 2008 | AA. Bibliography#Bea References#Bea 08]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8c16992523a4dcaf-fbc446ce-4fd24ec4-b6f49774-08c9df9149b4e2c0826eeb51"><ac:plain-text-body><![CDATA[ | [[Eclipse 2008 | AA. Bibliography#Eclipse References#Eclipse 08]] | [JAR Signing | http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code | http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide] | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="09e1039051d8de08-31de7621-492f48b0-b6e8be25-b4681fdcc65369a1a902970d"><ac:plain-text-body><![CDATA[ | [[Fairbanks 2007 | AA. Bibliography#Fairbanks References#Fairbanks 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1ed5751ad68bbdee-5e0eb7e7-446845e2-8e199cd3-cf6f11d1cafdc589d6c731f2"><ac:plain-text-body><![CDATA[ | [[Flanagan 2005 | AA. Bibliography#Flanagan References#Flanagan 05]] | Chapter 24, The | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0364e43d03dec59f-6d6ea7fb-4923445d-bb888cf4-03dd88c2adab1f449554a462"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong References#Gong 03]] | 12.8.3, | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00b1a549b9b92831-ef9a7883-4c3c4cf0-b9e892cb-c04aa53a74e3841c1ed28991"><ac:plain-text-body><![CDATA[ | [[Halloway 2001 | AA. Bibliography#Halloway References#Halloway 01]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bfd048392cd1ac4a-4c493d75-434141fe-8981a222-7047abad811edead24dd9b50"><ac:plain-text-body><![CDATA[ | [[JarSpec 2008 | AA. Bibliography#JarSpec References#JarSpec 08]] | Signature Validation |
| ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f3963585d4e6fea7-5f096e18-4323454e-96ab8a51-ce2eeaf3b2c401c6f4680f96"><ac:plain-text-body><![CDATA[ | [[Oaks 2001 | AA. Bibliography#Oaks References#Oaks 01]] | Chapter 12, Digital Signatures, Signed Classes | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="091049e41ad6d907-f68b54ca-44044018-a7f4b8a4-6c1dc64acebc74524d034f04"><ac:plain-text-body><![CDATA[ | [[Muchow 2001 | AA. Bibliography#Muchow References#Muchow 01]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f3a7238b7aea2db2-e959c580-4d954fec-bf3c9055-e27f0b99b55d2a9e19fbce45"><ac:plain-text-body><![CDATA[ | [[Tutorials 2008 | AA. Bibliography#Tutorials References#Tutorials 08]] | [The | http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges | http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files | http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...