felix-dev mailing list archives

From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-3610) Support runtime verification for signed bundles
Date Wed, 25 Jul 2012 17:07:34 GMT

    [ https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422417#comment-13422417 ]

Guillaume Nodet commented on FELIX-3610:
----------------------------------------

Note that the benefit of signing is that those bundles are actually secured. In my case,
only signed bundles can be accessed at runtime -- this can be checked using Bundle#getSignerCertificates().
So the verification is important to ensure that only signed code can be accessed at runtime.
                
> Support runtime verification for signed bundles
> -----------------------------------------------
>
>                 Key: FELIX-3610
>                 URL: https://issues.apache.org/jira/browse/FELIX-3610
>             Project: Felix
>          Issue Type: Improvement
>          Components: Framework, Framework Security
>            Reporter: Guillaume Nodet
>
> Signed bundles are only checked when installed, but the goal of signed bundles is to
> make sure no one has changed the jar. This is not ensured unless bundle entries are verified
> when loaded.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
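
Added example, not part of the original message and not Felix code: a JDK-only sketch of what verifying entries "when loaded" means for a signed jar, where each entry's digest is only checked once its stream has been read to the end. The class and method names are hypothetical, the jar path is supplied by the caller, and the check covers integrity and signer presence only, not whether the signer is trusted.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Hypothetical helper for illustration; assumes a jar signed with jarsigner. */
public final class SignedJarCheck {

    /** Manifest and signature files in META-INF are not themselves signed entries. */
    static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    /**
     * Reads every entry with verification enabled and returns the names of
     * entries that carry no signer. A signed entry whose content no longer
     * matches its recorded digest makes the read throw SecurityException.
     */
    public static List<String> unsignedEntries(File jar) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jf = new JarFile(jar, true)) {        // true = verify signatures
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureMetadata(e.getName())) continue;
                // The digest is compared only after the stream is fully consumed.
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                // Signers are available only after the entry has been read.
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) unsigned.add(e.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        List<String> unsigned = unsignedEntries(new File(args[0]));
        System.out.println(unsigned.isEmpty() ? "all entries verified and signed"
                                              : "unsigned entries: " + unsigned);
    }
}
```

An entry added to the jar after signing shows up in the returned list rather than raising an exception, so both outcomes need to be treated as a failed check.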

        
