8.3. Establishing Trust in Signed Code

By building on the mechanisms described in the previous section, we now have the ability to establish trust in code. In Section 2.4, we described code signing, which was introduced with the release of JDK 1.1. Code signing provides the means to make trust decisions predicated on a trust relationship with the signer of the code. The code-signing model in JDK 1.1 effectively granted code that was signed by one or more trusted parties the permission to execute unencumbered. In other words, the code was not placed into the sandbox. In Java 2, we can be much more flexible and give only the minimum set of permissions necessary to accomplish the task. This is another example of how Java 2 subscribes to the principle ...

Get Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.