您可以签署 Java 小程序但将其保存在沙箱中(不授予它对用户计算机的完全访问权限)吗? [英] Can you sign a Java applet but keep it in the sandbox (NOT give it full access to user's computer)?

查看:22
本文介绍了您可以签署 Java 小程序但将其保存在沙箱中(不授予它对用户计算机的完全访问权限)吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

感谢 Oracle 的最新更改,即使我不需要或不希望它对用户的计算机具有不受限制的访问权限(这就是它目前未签名的原因),我似乎也必须签署小程序.特别是,我不希望他们为签名的小程序显示警告:

Thanks to Oracle's latest changes, it appears I have to sign an applet even though I don't need or want it to have unrestricted access to the user's computer (which is why its currently unsigned). In particular, I don't want the warning they show for signed applets:

此应用程序将以不受限制的访问权限运行,这可能会使您的计算机和个人信息面临风险.

This application will run with unrestricted access which may put your computer and personal information at risk.

...这会吓到使用它的人.

...which will scare the people using it.

是否可以签署小程序但以某种方式将其标记为但继续使用沙箱"?

Is it possible to sign an applet but mark it in some way to say "but keep using the sandbox"?

我签署它的唯一原因是,从第 7 版更新 40 开始,Oracle 进一步增加了用户在运行未签名小程序时必须处理的烦人问题.过去,您可以选中一个框,说您曾经信任过一个小程序,并且会被记住.从更新 40 开始,它只会被那个浏览器会话记住;如果您关闭浏览器并稍后返回,警告会再次出现.他们还表示将在 Java 插件的未来版本"中完全禁用未签名的小程序.

The only reason I'm signing it is that as of Version 7, Update 40, Oracle has further increased the nagging users have to deal with when running unsigned applets. It used to be that you could check a box saying you trusted an applet once, and that would be remembered. As of Update 40, it's only remembered for that browser session; the warning reappears if you close the browser and come back later. They've also said they're going to disable unsigned applets entirely in "a future version" of the Java plug-in.

推荐答案

是的,你可以.这个页面 展示了如何做(嗯,大部分它;您还需要此页面).主要有两个步骤:

Yes, you can. This page shows how to do it (well, most of it; you also need this page). There are two main steps:

  1. PermissionsCodebase 属性放在您的清单文件中:

  1. Put the Permissions and Codebase attributes in your manifest file:

Permissions: sandbox
 Codebase: *.myserver.com

这些新属性是在 Java 7 Update 25 和 在这里讨论.上面链接的第一页只显示了 Codebase: myserver.com,但大多数网站都需要上面的通配符.(我不知道对小程序进行沙盒处理是否需要 Codebase 属性,但无论如何对于大多数已签名的小程序来说,这似乎是一个好主意.)

These new attributes were introduced in Java 7 Update 25 and are discussed here. The first page linked above just shows Codebase: myserver.com, but most sites are going to want the wildcard above. (I don't know if the Codebase attribute is required for sandboxing the applet, but it seems like a good idea for most signed applets anyway.)

然后在构建 jar 时使用该清单文件,例如:

Then use that manifest file when building your jar, like:

jar cvfm YourJarFile.jar your_manifest_file.txt classes_and_such

这些属性将出现在 jar 中的 MANIFEST.MF 文件中,它告诉 Java 运行时将小程序保持在沙盒中.

Those attributes will wind up in the MANIFEST.MF file in the jar, which tells the Java runtime to keep the applet sandboxed.

在您的 标签中,您必须指定 permissions 参数,此处讨论:

In your <applet> tag, you have to specify the permissions param, as discussed here:

<applet code='yourAppletClass' archive='YourJarFile.jar'>
     <param name="permissions" value="sandbox">
 </applet>

如果没有这第二个步骤,一个签名的小程序会在 jar 中请求沙盒权限而不是标签被阻止运行,并且会出现一个标题为应用程序无法运行"的对话框.给出原因:JAR 清单请求仅在沙箱中运行."

Without this second step, a signed applet requesting sandboxed permissions in the jar but not the tag is prevented from being run with a dialog box titled "The Application Cannot Be Run" giving "Reason: JAR manifest requested to run in sandbox only."

如果您执行上述两个步骤,用户会收到更令人放心的消息(并且小程序可能仍处于沙盒状态):

If you do both steps above, the user gets a much more reassuring message (and presumably the applet remains sandboxed):

此应用程序将以有限的访问权限运行,旨在保护您的计算机和个人信息.

This application will run with limited access that is intended to protect your computer and personal information.

...如果他们选中信任发布者和位置的相关复选框,他们在下次打开浏览器并运行您的小程序时不会再次看到它.

...and if they check the relevant checkbox trusting the publisher and location, they don't see it again when they next open their browser and run your applet.

(在问这个问题的过程中,我找到了答案,但由于答案不在 Stack Overflow 上,我想我会继续发布问题和答案.)

这篇关于您可以签署 Java 小程序但将其保存在沙箱中(不授予它对用户计算机的完全访问权限)吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆