Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (499)
Games in Android Showcase (118)
games submitted by our members
Games in WIP (567)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Hosting jars over https  (Read 2658 times)
0 Members and 1 Guest are viewing this topic.
Offline hishadow

Senior Newbie





« Posted 2010-12-29 08:50:06 »

I'm a little disturbed that by signing my jars and publishing them on the net, when users have accepted the certificate, any website can reference these jars with the certificate auto-accepted. Would hosting these by https help here? As I understand, you cannot mix webpages that use http and https.
Offline cylab

JGO Ninja


Medals: 50



« Reply #1 - Posted 2010-12-29 08:56:35 »

I'm a little disturbed that by signing my jars and publishing them on the net, when users have accepted the certificate, any website can reference these jars with the certificate auto-accepted.
What kind of misuse do you fear with that?

Mathias - I Know What [you] Did Last Summer!
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 801
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #2 - Posted 2010-12-29 08:58:34 »

There is no difference in making a file available through HTTP or HTTPS.

Further, it's not as simple as you seem to think. Code that attempts to use your signed code, must also be signed, by the other party, which has to be explicitly allowed by the user too. Especially since Java 1.6. update 19 you have a lot less options to run unsigned and signed code in the same application.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline hishadow

Senior Newbie





« Reply #3 - Posted 2010-12-29 09:02:58 »

I also have a lot of message passing going between the applet and javascript. Would a foreign webpage over http, that includes my signed jars on https, be able to communicate with an instance of the applet?

Info on my project: I'm making a "traditional application" and is using the webbrowser for UI. Javascript does message passing between the applet and the browser. When I want to load a file, I message the applet to show the file dialog, but I was thinking of adding a disk browser (read/traverse only) in the webpage instead. That's why I'm worried if other reference my jars and can get the same scripting capabilities on foreign sites.
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #4 - Posted 2010-12-29 09:10:27 »

just stick a 'Trusted-Only: true' attribute in the manifest of your signed jars. This way no unsigned jars can use your jars (or even start in the same jvm). Only foreign signed jars will be able to use them and in which can it doesn't really matter if they use your jars or not since they are outside the java sandbox already.
Offline hishadow

Senior Newbie





« Reply #5 - Posted 2010-12-29 09:16:34 »

Also, I'm getting a SSL certificate from Thawte for my domain. These don't work for signing jars right? The seller also adverticed certificates for jars, but they were very expensive. Is self-signed that display my domain name just as good?
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #6 - Posted 2010-12-29 09:20:48 »

Also, I'm getting a SSL certificate from Thawte for my domain. These don't work for signing jars right?
No, SSL Certificates can't be used to sign jars. You'll need a code signing certificate.

Is self-signed that display my domain name just as good?
No not really, you'll get a much more ugly(scary?) dialog with self signed jars then a proper certificate. Whether users really care about this is debatable (see minecraft, massively successful but still uses a self signed certificate).
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

Pippogeek (39 views)
2014-09-24 16:13:29

Pippogeek (30 views)
2014-09-24 16:12:22

Pippogeek (19 views)
2014-09-24 16:12:06

Grunnt (44 views)
2014-09-23 14:38:19

radar3301 (25 views)
2014-09-21 23:33:17

BurntPizza (62 views)
2014-09-21 02:42:18

BurntPizza (32 views)
2014-09-21 01:30:30

moogie (39 views)
2014-09-21 00:26:15

UprightPath (50 views)
2014-09-20 20:14:06

BurntPizza (54 views)
2014-09-19 03:14:18
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!