开发者

Obtaining trust with an Applet

Greetings,

I recently created a jar, and signed it with a keystore I created.

The signing of the jar went fine, however when I run the applet, it gives the usual prompt if you want to run the applet or not however, after accepting it, when the applet tries to connect to a MySQL database (ran locally) it prompts yet again asking if you want to run this potentially unsafe operation.

I've been told that when you sign an applet, and the user clicks Yes that they want to run it, that the applet becomes tr开发者_如何学JAVAusted? However in this circumstance it has not? I may have been told wrong information..

So my question is, how can I keep these (fairly) annoying messages from popping up when operating the applet?

Cheers


It is probably triggered by Mixing Signed and Unsigned Code. To fix the problem, see the section on Deploying Signed Applications and Applets Securely Without a Mixed Code Warning.


If I remember correctly (I did that over ten years ago, so I might be horribly wrong here), the applet doesn't become "trusted", but rather, the signature provides an identifier to which privileges granted by the user are then attached. So the reason unsigned code is untrusted is because there is no way to attach the privilege, but signed code does not become trusted the second it is run.

The warning should pop up only once per installation thus. There is an API to explicitly request privileges, so in case you use more than this one, you can ask for all that you require in a single go, but you cannot really avoid the user getting asked whether they want to extend your applet's privileges.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜