Posted to users@tomcat.apache.org by Steve Conover <sg...@yahoo.com> on 2000/11/22 22:40:09 UTC

more about signed servlets...

I found this on javasoft here -->
http://java.sun.com/products/servlet/whitepaper.html

Wouldn't this same idea apply to .war's?  Has anyone here done
*anything* with servlets that are digitally signed in some fashion?

Regards, Steve

"Unlike any other current server extension API, Java Servlets provide
strong security policy support. This is because all Java environments
provide a Security Manager which can be used to control whether actions
such as network or file access are to be permitted. By default, all
servlets are untrusted, and are not allowed to perform operations such
as accessing network services or local files. 

However, servlets "built in to" the server, or servlets which have been
digitally signed as they were put into Java Archive (JAR) files, may be
trusted and granted more permissions by the security manager. A digital
signature on executable code indicates that the organization which
signed the code "vouches for it" in some sense. Such signatures can't
support accountability by themselves, but they do indicate a degree of
assurance that may be placed on use of that code. For example, a
particular signature from a MIS organization might be required on all
code which is granted general access to network services within a
corporate intranet. That signature might only be used on code which is
strongly believed not to violate particular security policies."


=====
********************************
Steve Conover Jr.
http://steve.dreamingtree.net
FAX: (309) 276-8942
********************************
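
Added example (not part of the original post or the quoted whitepaper): a WAR is a JAR-format archive, so the standard java.util.jar verification applies to it. This sketch checks that every content entry of a JAR or WAR carries a valid signature and that a pinned certificate signed all of them; the class name, the command-line arguments and the choice of pinning by SHA-256 fingerprint are assumptions.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class ArchiveSignerCheck {
    // Signature bookkeeping files are not themselves covered by the signature.
    static final String SIG_FILES = "(?i)META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|RSA|DSA|EC))";

    /** SHA-256 fingerprints of the certificates that signed EVERY content entry. */
    static Set<String> signerFingerprints(String path) throws Exception {
        Set<String> common = null;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) {          // true = verify signatures
            for (Enumeration<JarEntry> en = jar.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                if (e.isDirectory() || e.getName().matches(SIG_FILES)) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }   // digest mismatch -> SecurityException
                }
                CodeSigner[] signers = e.getCodeSigners();     // valid only after a full read
                if (signers == null) throw new SecurityException("unsigned entry: " + e.getName());
                Set<String> here = new TreeSet<>();
                for (CodeSigner s : signers) {
                    Certificate leaf = s.getSignerCertPath().getCertificates().get(0);
                    byte[] d = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
                    StringBuilder hex = new StringBuilder();
                    for (byte b : d) hex.append(String.format("%02x", b));
                    here.add(hex.toString());
                }
                if (common == null) common = here; else common.retainAll(here);
            }
        }
        return common == null ? new TreeSet<>() : common;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: archive path; args[1]: pinned signer fingerprint (hex), both supplied by the operator
        boolean trusted = signerFingerprints(args[0]).contains(args[1].toLowerCase());
        System.out.println(trusted ? "signed by pinned certificate" : "NOT signed by pinned certificate");
        System.exit(trusted ? 0 : 1);
    }
}
```

The check establishes integrity and which certificate signed the archive; it does not build a chain to a trust anchor, which is why the result is compared against a pinned fingerprint rather than a subject name.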
