Signed Applets, Certificate Authorities

J

John Brayton

I have a web application with applets that access the users' file
system (with permission) and upload files to a our web server.

I am looking for a trusted certificate authority that can sign the
applet, such that that applet is trusted (by default) by IE,
Firefox/Mozilla, Safari, and Opera.

Is there an applet-signing certificate authority that can sign my
applet such that it is trusted by these browsers?

Any pointers or recommendations would be appreciated. Thanks!

John
 
A

Andrew Thompson

John said:
I have a web application with applets that access the users' file
system (with permission) and upload files to a our web server.

I am looking for a trusted certificate authority that can sign the
applet, such that that applet is trusted (by default)

No way!
..by IE,
Firefox/Mozilla, Safari, and Opera.

Is there an applet-signing certificate authority that can sign my
applet such that it is trusted by these browsers?

The difference in user experience when accepting a
project singed by a self-signed certificate and one
certified by a CA, is that
a) The security warning presented to the end user is
much less scary if the code signer can be verified.
b) The 'Yes/Accept' button is focused, whereas it is not
with a certificate that cannot be verified.
(Note that the 'certified' code will also be more like the
self-signed code if the certificate is expired or net yet
valid etc.)
Any pointers or recommendations would be appreciated. Thanks!

(My suggestion) Stop trying to take control form your
end users, but instead explain to them the benefits of
your software and how it helps them when they grant
it 'extended access'.

Andrew T.
 
J

John Brayton

Thanks, Andrew. I do have every intention of making it clear (before
the user gets that far) what the applet will do and why the web
application will require access to their file system. Everything I'm
doing is above board and will be clearly explained.

I just need a CA that will be certified on required browsers/platforms;
otherwise it will just look like a self-signed certificate to some
users. I know the user will be asked to "trust" the applet anyway; I
just want that trust request to come from a piece of code signed by a
known CA.

John
 
T

Thomas Hawtin

John said:
I have a web application with applets that access the users' file
system (with permission) and upload files to a our web server.

As I understand it, Vista will not allow applets (or other plug-ins)
access to arbitrary files. You might want to check that out first.

In any case, if you require network launched code to load and save
files, I strongly suggest JNLP/WebStart (without signing).

Tom Hawtin
 
A

Andrew Thompson

Thomas Hawtin wrote:
....
In any case, if you require network launched code to load and save
files, I strongly suggest JNLP/WebStart (without signing).

A sterling idea! (AKA "Wish I'd thought of that!")

Andrew T.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,439
Members
44,829
Latest member
PIXThurman

Latest Threads

Top