|
|
|
|
|
|
by RyanZAG
4530 days ago
|
|
|
"While this is great in theory, for java its pointless. The contents of a jar can be extracted just the same as any zip format, signatures removed and resigned all without any issue." Completely false? Resigning a jar with authenticated signature will turn it into a self-signed jar and will then display the nasty warning as it should. This security measure works very well: if you want to run stuff in the browser, use js+HTML5 (or GWT). If you have legacy java code that you must run in the browser, get it signed properly and it will run. This is universally an incredibly good thing given how flakey java applets are. |
|
|