Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An organization that signs its own code should not vouch for code acquired from a third party without carefully auditing the third-party code. When signing privileged code, ensure that all of the signed code is confined to a single jar file (see ENV01-J. Place all security-sensitive code in a single jar JAR and sign and seal it for more information) and also that any code invoked from the privileged code is also contained in that jar file. Non-privileged code must be left unsigned, restricting it to the sandbox. For example, unsigned applets and JNLP applications are granted the minimum set of privileges and are restricted to the sandbox. Finally, never sign any code that is incomprehensible or unaudited.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="836e312ca0f639bc-b18fd07d-450d4ff7-be33a03b-72293472be2206e451bf0fb3"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Adherence to Least Privilege [XYN]"

]]></ac:plain-text-body></ac:structured-macro>

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7c77001aa0df758f-60a586c1-423248b8-8255ab2b-5f4e62fef3d3c3390a70cfef"><ac:plain-text-body><![CDATA[

[[Dormann 2008

AA. Bibliography#Dormann 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="371178be9b7eabe2-9019d417-41b34c69-afd7a6de-e7288a6e458f6734005b0453"><ac:plain-text-body><![CDATA[

[[McGraw 1999

AA. Bibliography#McGraw 99]]

Appendix C: Sign Only Privileged Code

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0ad721cd2ee85778-ae574c0e-46e5489f-aca2af85-9c79dc279c8c67f75d7a5abd"><ac:plain-text-body><![CDATA[

[[Schneier 2000

AA. Bibliography#Schneier 00]]

 

]]></ac:plain-text-body></ac:structured-macro>

...