Return-Path: Delivered-To: apmail-xml-general-archive@xml.apache.org Received: (qmail 98267 invoked by uid 500); 10 Apr 2001 14:21:59 -0000 Mailing-List: contact general-help@xml.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: general@xml.apache.org Delivered-To: mailing list general@xml.apache.org Received: (qmail 98226 invoked from network); 10 Apr 2001 14:21:55 -0000 Message-ID: From: "Albert, Kevin" To: "'general@xml.apache.org'" Subject: Signing Apache XML Projects' code Date: Tue, 10 Apr 2001 10:21:51 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0C1C9.9616D580" X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N ------_=_NextPart_001_01C0C1C9.9616D580 Content-Type: text/plain; charset="iso-8859-1" I have developed an applet using JDK 2 version 1.3, and have signed its jar using an RSA certificate from Thawte that was purchased by my employer. When this signed applet is loaded by the JDK 2 Plug-In, the user is given the option of granting permissions to the applet by the Plug-In's security dialog. This allows me to distribute the applet without requiring end-users to configure a policy file for the applet. This is all great, except that I am also using the Apache Xerces and Xalan jar files from the applet. These jars are loaded via the HTML object tag's archive parameter. When Xerces or Xalan has to go outside of the Plug-In's "sandbox", permission denied exceptions occur because these jars are not signed. I am wondering if the Apache XML Project has an RSA certificate that can be used to sign the Xerces and Xalan jar files. I would REALLY prefer not to require that all of my end-users configure a policy file so the Xerces and Xalan jars can be trusted. Thanks in advance, Kevin Albert ------_=_NextPart_001_01C0C1C9.9616D580 Content-Type: text/html; charset="iso-8859-1"
I have developed an applet using JDK 2 version 1.3, and have signed its jar using an RSA certificate from Thawte that was purchased by my employer.
When this signed applet is loaded by the JDK 2 Plug-In, the user is given the option of granting permissions to the applet by the Plug-In's security dialog.  This allows me to distribute the applet without requiring end-users to configure a policy file for the applet.
 
This is all great, except that I am also using the Apache Xerces and Xalan jar files from the applet.  These jars are loaded via the HTML object tag's archive parameter.  When Xerces or Xalan has to go outside of the Plug-In's "sandbox", permission denied exceptions occur because these jars are not signed.
 
I am wondering if the Apache XML Project has an RSA certificate that can be used to sign the Xerces and Xalan jar files.  I would REALLY prefer not to require that all of my end-users configure a policy file so the Xerces and Xalan jars can be trusted.
 
Thanks in advance,
Kevin Albert
 
------_=_NextPart_001_01C0C1C9.9616D580--