My signed Java applet has been running fine until Java update 19. Now some but not all of our users on Java Update 19 report a java security message stating that our applet contains both signed and unsigned code.

The process for creating our applet is as follows:

1: Clean and Build the applet project in Netbeans IDE.
2: Open the Applet jar file in WinRAR and add the required mysql JDBC driver .class files to the jar file.
3: Sign the applet jar file.

Can someone please tell me how to determine what code is signed and what code is not signed in our applet? Is there a better way to include the mysql JDBC driver jar file in our applet other than copying the jar file contents into our applet jar file?

Thanks

+2  A: 

Mixing trusted and untrusted code together is a vulnerability that has been fixed in the 6u19 (the current CPU/SSR release at the time of writing). See the docs. Blocking the mix or using a debugger should show where the problem is.

Tom Hawtin - tackline
useful: Trusted-Library: true
simpatico
@simpatico Useful if you know what you are doing. Exceedingly dangerous if you do not.
Tom Hawtin - tackline
+2  A: 

Some things to try:

  • Go to the java plugin control panel ($JAVA_HOME/bin/ControlPanel).
  • Go to the Advanced tab.
  • Expand Debug
  • Check Enable tracing, Enable logging, and Show applet lifecycle exceptions
  • Expand Java console
  • Check Show console
  • Click OK (or Close, depending on your OS)

When your applet loads, the Java console will open. Click on it and immediately press '5'. It will log the jars and classes being fetched to run your applet. Somewhere in this there should be a message indicating what jars or classes are considered "unsigned". If you miss it the first time, just reload the window to try it again.

Devon_C_Miller
Adding this for future reference. Java 1.6u20 contains a fix documented as "Mixed code warning for class.getResource("directory/") in 1.6.0_19".
Devon_C_Miller
Somewhere in this there should be a message indicating what jars or classes are considered "unsigned" What is the message? security: Istrusted: null false ??
simpatico