I provide a java based editor to in internal network of xml editors. Initially it was a plugin, changed to an Applet using jnlp to launch 6 years ago. With the eminent demise of web start I am changing the framework to a desktop Application. The Applet is signed and timestamped as required by all browsers. Once I transition to an installed java application I question whether I need to sign the application jars? The certificate is not cheap and the signing of 30+ jars takes a lot of time. The editor is used on Macs, Windoze and Linux systems. Do I still have to sign it to get it to run? If not what is the downside of not signing, vs the upside to signing?
Desktop java applications don't validate jar signatures. So there is absolutely no benefit to continue signing your jars. Applets are dead (and so is the "sandbox" security model).
Related
I have a few months programming in java and I are applying in my work a desktop application that is installed and that the opened check if this updated or not and if not upgrade a server on the Internet.
The program consists of PDF documents, but those documents are constatemente making changes.
The idea is that the update is downloaded to the person the most current documents.
How do I can do with java desktop?
Look on Java Web Start technology. It's not exactly what you need but with ability to start your application from Internet it allows every time launch the latest application version.
Here is example how to create and deploy simple Java application.
Practical example of this technology is muCommander file manager Java Web Start launch
I'm developing a system whose requires to capture user fingerprint. I have done this task using a desktop app in Java.
I need to do it via web using a form or dialog, but I have no idea how to do it. I want to avoid applets. Is there a way to place a button in HTML and capture a fingerprint?
I'm using verifinger sdk
UPDATE
I sent a message to Verifinger team and they sent me this:
Trial SDK package includes all the functionality, including VeriFinger Extended.
Before starting to implement these questions should be raised and answered:
Will your solution be able to interact with user's computer?
If you want your browser application to use client side fingerprint scanners and you want to use Neurotechnology components for it - you should write an applet (Java) or ActiveX component and then embed it to C# asp.net application (sorry we do not have sample for that). There are other ways of implementation but the applet is a general approach.
Will your solution be able to extract biometric templates on client side?
If you want your application to extract and/or do matching on client pc - you will have to use either an applet or ActiveX (in order to run code that references our libraries on clients pc). If you do not want to do that - you can capture an image (either with our components, or maybe just allowing client to select a file), upload it to the back-end (running C# ASP.NET, Java EE or even PHP), do processing there, return the results.
In general the Java Applet sample is a good place to start: you can use it for image capture and/or template extraction and write your own middleware (like enrollment to database or matching) on server (i.e. web services) and reference it from the client browser application.
SDK does include Abis sample java applet. It can be built with Maven running from command prompt this command: "mvn clean install -Papplet"
From SDK\samples\biometrics\java directory (if SDK 5.0 is used)
From SDK\samples\ (if SDK 4.5 is used)
Maven version 3.1.1 is recommended.
I hope it can be useful.
UPDATE 2
I did an applet which capture the fingerprints and passed them to a javascript function.
UPDATE 3
I released an example project to to this, explained in this post.
The Verifinger SDK contains components for creating stand-alone or web-based applications.
Available as a software development kit that allows development of stand-alone and Web-based solutions on Microsoft Windows, Linux, Mac OS X, iOS and Android platforms.
I'm a beginner with java applets. I have developed few small desktop applications using core java ( Swing ). I need to build an applet which can do the following things -
Read a system file and modify it.
Create system file.
Execute a system command for setting some configuration of the client machine
Applet will download a file by running a system command. I need to check for the file size and plot download speed in graph.
Applet should run on all platforms ( MAC OSX, Linux, Windows, Android, IOS )
I have already developed this app using python and PyQT which is platform independent. So my app can be run on all platform but that requires PyQT and some dependencies to be installed on all platforms which is a difficult job. So we are opting for java applet to avoid dependent package installation and give more user friendliness and make the application platform independent.
I have already gone through the following link -
http://docs.oracle.com/javase/tutorial/deployment/applet/security.html
According to this link I need a privileged applet to do system related activities.
My Questions are -
Is is at all a good idea to use applets for what I need to implement?
How to make applets privileged?
Does applets work on Android or iOS? AFAIK, JRE is not available for these two platforms.
Can I go for JNLP API? Is that platform independent? I found some examples here - http://pscode.org/jws/api.html#fs
Thanks
Is is at all a good idea to use applets for what I need to implement?
No. Applets are a PITA to develop or maintain.
Do as advised by MadProgrammer and use a stand alone application.
How to make applets privileged?
Digitally sign them, then encourage the user to click OK when prompted.
Does applets work on Android or iOS?
No.
Can I go for JNLP API? Is that platform independent?
The JNLP API is available to desktop apps. and applets running in JSE (so again not iOS or Android).
There is no x-plat language that can cover all required platforms. I'd use Java for desktops & Android API for Android phones. I don't know what iOS is programmed in.
I have an application that is written in Java and is going to be distributed on Mac OS X, Windows, and Linux. Currently, I am packaging the app for each platform as follows (but I'm willing to change it if an alternative is needed):
Mac OS X: Using Eclipse, go to "File" -> "Export…" and choose Mac OS X Application bundle
Windows: Bundle the jar file into an exe file using Launch4j
Linux: Bundle the jar file into an sh file using Jnix
The trouble is, I'm starting to run into problems with my programs not being trusted. Google Chrome reports that beta versions of my app are not from a trusted source and Windows 8 Smartscreen filter does the same. It's my understanding that the only way to get these security measures to trust my app (which will definitely be necessary if I want to distribute it for real) is to have the app signed. However, I'm finding precious little documentation about how to do this and most of it is for one platform (e.g. this tells me about signing for Windows 8).
My question is: is there a way to sign my Java code once and automatically have the executables I create be signed? Or do I have to sign each executable file separately? If it's the latter, is there one code signing authority that I can use or do I have to get it signed separately with different groups?
With the suggestion from ParrotMac, I wound up doing Digicert's livechat and asked some of these questions to "David". Here is what he had to say (edited for clarity):
Do I authenticate the Java code or the end product executable or both?
You'll want to sign the end product.
Do I purchase one certificate and use it for other platforms or do I purchase them separately?
You can purchase a code signing certificate, download it for a platform of your choice (e.g. Java jar files), then re-key it for another (e.g. authenticode for Windows .exes), if you would like. Re-keying is free and you can re-key your certificate for different platforms as many times as you would like as long as the certificate is valid. When you rekey, it does not invalidate your prior certificate, just enables you to download another one for a different platform. The platform you choose for digicert is just the platform it is initially keyed for.
One of my platform targets is Linux. Is there such thing as Linux code signing? Or is it just for OS X and Windows?
You can use the certificate in Linux, you would just use a different tool to sign it than you would for Windows or OS X.
So there you have it. At least from digicert (and I would presume other code authentication companies) you can buy one certificate and use it for multiple platforms at no charge. You then authenticate your end product; authenticating your raw jar file is unnecessary unless you're distributing it that way.
However, I did find out that if you wanted to get past Windows 8, you have to get more secure code signing.
Would code signing work to get past Windows 8's Smartscreen filter?
You would need the EV Code Signing certificate to get past the Windows 8 Smartscreen filter. The EV does cost more, but mainly due to the extra validation that comes with it. You can do the same thing with the EV as you would with the non-EV certificate.
And for good measure, I asked if a certificate was needed if it was being sent to the Mac OS X App Store or other store.
If I wanted to distribute this cross-platform app in the Mac OS X App Store or other store, do I need a certificate? If so, is it the same certificate?
For stores like Google's Apps store or Mac App Store, you'll need to have your software signed by a trusted certificate. But you would want to view that particular stores requirements to determine exactly what you need.
NOTE: I'm a veteran Java developer (10yrs) and have recently decided to make things interesting and jump over to the ASP.NET / C# world. Thus the question...
I have a business requirement to build an ASP.NET web application that can be installed into an "enterprise data center" for use by an entire organization or can be downloaded by a single user and run on their desktop (assuming WinXP or higher). Installing the web application into an enterprise environment is easy, but allowing single users to download a file, double-click, then access the application through their web browser is an entirely different story.
To solve the single user dilemma in Java, I would simply bundle the Jetty web app server into my application and configure the WAR file to start up the web server and run the web application when someone double clicks on it.
Is there any way within the .NET world to do something like this?
Are there other .NET web app containers that I could bundle into my application?
Would I need to create an Installer Wizard that would configure IIS on the users machine?
Any help is much appreciated.
probably the closest thing to what you're describing would be a WPF Browser Application.
What I personally would use is a ClickOnce installed winform or wpf application.
You can include the Cassini web server (free to distribute). This server is great for one or two users, but you wouldn't want to run your site on it.
http://www.ultidev.com/products/Cassini/
There's a side benefit to this .... you can include the code in your solution and set break points wherever you need them. If you're using SharpDevelop instead of Visual Studio set Cassini as the startup project.
EDIT : Just checked the site and I'm not sure if it's open source anymore. I may have used Reflector to generate code to set break-points.