Subj : Re: Security Problem To : netscape.public.mozilla.jseng From : Lau Lei Cheong Date : Sat Jul 10 2004 11:08 am Self signed certificate is to be used for encrytion of SSL but not for acquire trust from another computer. The basic idea of employing a certificate is to have an authority confirm the identity of code owner so someone can decide whether to trust the identity. But by self-signed certificate you cannot tell whether an signed object told to be signed by - let's say microsoft - is really signed by microsoft or not. So the browser should never allow trust for code signed by this kind of certificate. Also see the passage below. https://www.selfwebhosting.com/sslcertificate.shtml Who can issue SSL Certificates? SSL Certificates can be issued by anybody using freely available software such as Open SSL or Microsoft's Certificate Services manager. Such SSL Certificates are known as "self-signed" Certificates. However, self-signed SSL Certificates are not inherently trusted by customer's browsers and whilst they can still be used for encryption they will cause browsers to display "warning messages" - informing the user that the Certificate has not been issued by an entity the user has chosen to trust. "Keno Albrecht" ??? news:ccka2n$cke1@ripley.netscape.com ???... > Hey, > > I signed my jar file (at least with on my local machine with a > selfmade/selfsigning certificate) but it didn't change anything :-(. > > Have you ever tried it? I just created a certificate, signed the jar and > run the same stuff again. Nothing changed. Than I imported my public key > to the Java Control Panel, but the same again. Am I doing something wrong? > > Thanks, > Keno > > > Your code will be less restricted if they are properly signed and accepted > > by the user. > > > > Go apply for a e-cert form your local CA, but this is NOT free. > > > > There may be dirty/evil way to override this. But I don't think you'll want > > it as they'll be browser dependent. And you won't get them useful here as > > should anyone here post it, it'll be fixed quickly and you'll have to face > > the problem again. > > > > "Keno Albrecht" ??? news:ccgfft$jnc2@ripley.netscape.com > > ???... > > > >>Hello, > >> > >>I'm writing a Mozilla Extension using LiveConnect to access my own > >>classes. Since I didn't find out where to put my classes (except the > >>jre/classes directory which is not useful since I want them somewhere in > >>the Mozilla directory to install them with xpi later), I use a > >>URLClassLoader to access/load them. > >> > >>Now, the problem is that there seems to be a rather restrictive > >>SecurityManager - I cannot read/write local files, open connections etc. > >>Also, Frames are marked with an "Applet-Flag". Well, I do not wrote an > >>Applet, this is an Extension directly linked into XUL/.js Code, so can I > >>avoid these security restrictions somehow? > >> > >>Thanks, > >>Keno > > > > > > .