O'Reilly logo

Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition by Mary Dageforde, Gary Ellison, Li Gong

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

8.3. Establishing Trust in Signed Code

By building on the mechanisms described in the previous section, we now have the ability to establish trust in code. In Section 2.4, we described code signing, which was introduced with the release of JDK 1.1. Code signing provides the means to make trust decisions predicated on a trust relationship with the signer of the code. The code-signing model in JDK 1.1 effectively granted code that was signed by one or more trusted parties the permission to execute unencumbered. In other words, the code was not placed into the sandbox. In Java 2, we can be much more flexible and give only the minimum set of permissions necessary to accomplish the task. This is another example of how Java 2 subscribes to the principle ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required