signed netscape ?

Zhang Jiqing (zhangj@cslab.uky.edu)
Thu, 09 Apr 1998 09:53:39 -0400

Date: Thu, 09 Apr 1998 09:53:39 -0400
From: Zhang Jiqing <zhangj@cslab.uky.edu>
To: java-security@web4.javasoft.com
Subject: signed netscape ?

Dear Sir:

After visiting your page at

http://java.sun.com/security/signExample/

I have two questions:

1. signed api works only on appletviewer. when you use netscape
browser, it still does not work.

for example, your signedWriteFile will throw a IOException
if I use netscape to browse it.

2. why tmp/foo is not created while signedWriteFile tell me the
success.

3. after the archive file is created, I modified the java code and
created a new class file, the signedWriteFile still work
on appletviewer. Does this mean that once you trust a signed
API, you trust its later version too.
In my opinion, this could be a serious security problem i
f the answer is yes.

Thank you very much

zhang Jiqing
graduate student at University of Kentucky