你可以注册一个Java程序,但把它放在沙盒(不给它完全访问用户的计算机)? [英] Can you sign a Java applet but keep it in the sandbox (NOT give it full access to user's computer)?
问题描述
由于Oracle的最新变化,看来我必须签署,即使我并不需要一个applet或希望它具有对用户的计算机不受限制的访问(这就是为什么它目前无符号)。特别是,我不希望他们显示签名的Applet警告:
Thanks to Oracle's latest changes, it appears I have to sign an applet even though I don't need or want it to have unrestricted access to the user's computer (which is why its currently unsigned). In particular, I don't want the warning they show for signed applets:
此应用程序将不受限制的访问可能把你的电脑和个人信息的安全运行。
This application will run with unrestricted access which may put your computer and personal information at risk.
...这将用它吓唬人。
...which will scare the people using it.
是否有可能签署一个小程序,但以某种方式说,但继续使用沙盒标志呢?
Is it possible to sign an applet but mark it in some way to say "but keep using the sandbox"?
我登录它的唯一原因是,作为第7版,更新40,甲骨文进一步增加了用户唠叨必须处理运行未签名的Applet时。它曾经是,你可以检查一个盒子说你信任的小程序一次,将被铭记。由于更新40,它只是记住该浏览器会话;如果你关闭浏览器,稍后再回来的警告再次出现。他们还表示,他们会完全禁止在Java插件中的未来版未签名的小程序。
The only reason I'm signing it is that as of Version 7, Update 40, Oracle has further increased the nagging users have to deal with when running unsigned applets. It used to be that you could check a box saying you trusted an applet once, and that would be remembered. As of Update 40, it's only remembered for that browser session; the warning reappears if you close the browser and come back later. They've also said they're going to disable unsigned applets entirely in "a future version" of the Java plug-in.
推荐答案
是的,可以。 此页面展示了如何做到这一点(当然,大部分;你还需要< A HREF =http://docs.oracle.com/javase/tutorial/deployment/applet/html.html>此页面)。有两个主要步骤:
Yes, you can. This page shows how to do it (well, most of it; you also need this page). There are two main steps:
-
把
权限和codeBase的在清单文件属性:
Permissions: sandbox
Codebase: *.myserver.com这些新特性是在Java 7中引入更新25和在这里讨论。第一页上面的链接恰恰说明 codeBase类:myserver.com ,但大多数网站会想上面的通配符。 (我不知道是否需要沙盒applet的 codeBase的属性,但它似乎对大多数签名applet一个好主意无论如何。)
These new attributes were introduced in Java 7 Update 25 and are discussed here. The first page linked above just shows Codebase: myserver.com, but most sites are going to want the wildcard above. (I don't know if the Codebase attribute is required for sandboxing the applet, but it seems like a good idea for most signed applets anyway.)
然后建立你的罐子时,喜欢使用清单文件:
Then use that manifest file when building your jar, like:
jar cvfm YourJarFile.jar your_manifest_file.txt classes_and_such这些属性将在罐子里,它告诉Java运行时保持沙盒applet的MANIFEST.MF文件清盘。
Those attributes will wind up in the MANIFEST.MF file in the jar, which tells the Java runtime to keep the applet sandboxed.
在你的&LT;小程序&GT; 标签,你必须指定权限参数,<一个HREF =http://docs.oracle.com/javase/tutorial/deployment/applet/html.html>这里讨论:
In your <applet> tag, you have to specify the permissions param, as discussed here:
<applet code='yourAppletClass' archive='YourJarFile.jar'>
<param name="permissions" value="sandbox">
</applet>如果没有这第二步,签署的程序请求在罐子里沙箱权限,但不是标签是被标题为一个对话框,运行pvented $ P $应用程序无法运行,使原因:JAR清单要求运行仅在沙箱。
Without this second step, a signed applet requesting sandboxed permissions in the jar but not the tag is prevented from being run with a dialog box titled "The Application Cannot Be Run" giving "Reason: JAR manifest requested to run in sandbox only."
如果你做以上两个步骤,用户获得更加令人欣慰的消息(和presumably小程序仍然沙盒):
If you do both steps above, the user gets a much more reassuring message (and presumably the applet remains sandboxed):
此应用程序将与旨在保护您的计算机和个人信息的机会有限运行。
This application will run with limited access that is intended to protect your computer and personal information.
...如果他们选中相应的复选框信任的发布者和地点,他们没有再看到它时,他们下次打开浏览器并运行小程序。
...and if they check the relevant checkbox trusting the publisher and location, they don't see it again when they next open their browser and run your applet.
的(在问这个问题的过程中,我找到了答案,但因为得到的答复是没有对堆栈溢出我想我会继续前进,的发布问题和答案。)的
这篇关于你可以注册一个Java程序,但把它放在沙盒(不给它完全访问用户的计算机)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
