commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Duong BaTien <duong.bat...@gmail.com>
Subject Re: [Digester] Digester is a security violation when using JNLP?
Date Sat, 19 Feb 2005 00:02:58 GMT
Vic wrote:

> Digester reads an XML file, and JNLP/WebStart classloader won't let 
> you read files without signing all the jars.
> I chose not to use commons-chains(it uses digester) on the Swing side 
> becuase of this.
>
> Siging the jars leads to this 4 year old bug:
>   http://forums.java.net/jive/thread.jspa?threadID=315&tstart=0
> Stanley Ho last repose was... we will try to address in in Java 6. ??? 
> beucase we, the developers, just don't grasp them trying to keep us 
> safe. And they apear not to have any usability or deployment concerns.
> (This bug is fixed in open source implementation of the JNLP 
> classloader )
>
> Sun is holding a chat w/ developers on 3/1 to talk about WebStart 
> issues, they seem un-aware or un-affected that people are chosing 
> Flash VM for RiA becuase of this one issue.
> http://java.sun.com/developer/community/chat
>
> ( This to me is an example of why I want my users deploy open source 
> versions of JRE, becuase I can patch it. My other idea is to hire 
> Stanley Ho .... just so that Sun puts somone else there. )
> Hubert, I use continus build, to deploy my applications once a day 
> just to see what happens, and not find out last minute some silly 
> design issue. You can read more about webstart sandraSF.com.
>
> .V
>
I read the following article: 
http://www.devx.com/Java/Article/27300/1954?pf=true and seek practical 
suggestions from those who have some insight to compare pro and con 
between this approach and JNLP distributed framework, especially JNLP is 
now a part of Java.

BaTien
DBGROUPS

>
> Hubert Rabago wrote:
>
>> If I sign my jars, will this still be a problem?
>>
>>  
>>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org


Mime
View raw message