Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4880726

secure "Unsigned Only" option

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Duplicate
    • Icon: P4 P4
    • None
    • 1.4.2
    • deploy
    • x86
    • linux



      Name: gm110360 Date: 06/18/2003


      A DESCRIPTION OF THE REQUEST :
      If you limit your machine to secure unsigned JWS apps you will never be infected by spyware or a virus.

      I think this could be done with a flag in the javaws.cfg file. The administrator could set the flag and set javaws.cfg read only so the user couldn't change it.

      JUSTIFICATION :
      The example lafros gave was a public library: they do not want the machine to run signed applications which can install spyware and viruses.

      Come to think of it, I have spent several years working in the financial sector in NYC and this is _exactly_ the type of capability these guys would want. In these environments almost no one has Administrator/root access to their own machine. Applications, Internet and hard drive access are tightly controlled. A secure unsigned Java Web Start environment would give a distinct security advantage against competing .EXE or .NET applications.

      Please also see..
      http://forum.java.sun.com/thread.jsp?forum=38&thread=410674

      NOTE: In case you are wondering why I call "unsigned JWS" secure please read this: http://www.ScheduleWorld.com/itsYourLife.html

      Thank you.
      (Review ID: 187940)
      ======================================================================

            Unassigned Unassigned
            gmanwanisunw Girish Manwani (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: