Microsoft Certificate Applet

Greenbean

I'm going to give a little background to this problem.

I've made a client in java for no other reason than to use webforms to make a remote mp3encoder have an easy to understand and minimal fuss interface. Thus the applet runs in the background. I'm using javascript to activate a method within the applet and pass it paramaters. So far well and good.

Problems arise with the "Sandboxes" in Netscape and Microsoft IE. These are there to restrict the operations which applets may do. My applet needs to read and write from the users computer and to make net connections to the server which does the encoding. The answer to this is certificates, digitally signing and verified certificates. I've worked my way around making "dummy" versions of these certificates. Netscape then requires its own set of security classes as does IE. The netscape distribution of the applet is working fine (it asks for rights to access the resources).

IE is happy as long as you put the applet in a .cab file which is certified. After this you only need to worry if:

a) You stick the dangerous operations (file I/O and remote connections) in certain applet functions - init, start, destroy etc. I don't use any of these.

b) You call the function from a uncertifed source, eg if the function is called from within the applet that would be safe because the entire applet is certified, but if you called the function from somewhere else, like the javascript thats considered a security breach. ****, thats what I did and I need to do it.

Ways around this... somehow make javascript a certified source (is that possible). Another is to make a new thread for the dangerous operations - this has me stumped since threads are just badly documented. The main way to workaround is to include microsofts security classes and use their functions to assert that everything is ok.

These security classes are com.ms.security.* located in the java directory in an obsqure zip file ("23lkj4l.zip") in most peoples windows directory. The compiler I'm using ("borland java foundation 3.5") doesn't seem to want compile with classes it (is this normal?) needs source files. Netscape provided these so there was no problem, microsoft doesn't.

Placing the classes in the compilers path in the project dir doesn't seem to be any good, it just deletes them at compile time and complains it can't find them (essentially its looking at the source directories and matching up the class directories - so if the source dir has no security code then the class directory will have no extra classes either).

I'm stumped. If someone said there was a way to certify the javascript on the html page without messing up the netscape code it would be great help or if anyone has the source files for the microsoft security classes that would be great too. Best would be if someone knows if its possible to use the class files without the source code from 3.5.

Hopefull.

logic1

Sandboxes are only useful for cats. Outside of that... you know what I mean.


.logic.

spod

http://mindprod.com/signedapplets.html

looks like it might be useful.
It seems like a pretty comphrehensive page on signed applets. Has a table of different browsers and what is needed to create a signed applet. etc.

Also, that borland compiler sounds a bit suspect. You might wanna try downloading the latest jdk from javasoft.com and try using that.

Sorry I can't be of more help, I'm a bit of a java nut myself, but I've never actually had to do what your trying to do before so I'm at a bit of a loss.

Greenbean

Ok thanks for the help. Time is restricting me from wasting any more of it on this problem. Thankfully this its not a commerical app so theres no worry.

John O' Kane