I assume you have no idea how much time this would take.Furcube wrote:maybe rewriting AOM to Java would be better?
AniDB Java Applet?
Moderator: AniDB
I just wanted to point out qemu. It's a decent free alternative to vmware, which runs without a kernelpatch in userspace: http://fabrice.bellard.free.fr/qemu/nich wrote:I wouldn't mind if I could. But wine doesn't run aom (yet! PetriW said 0.6 should be much more wine friendlyRar wrote:Can't the small(?) proportion of non-windows users just use a windows emulator?[...]). And I'm not willing to use WMware.
Applet != Application !DonGato wrote:We're talking about a small app here. Not AoM replacement.
exp, the problem is that it has to be signed
An Applet runs enclosed in a Java VM in a browser and is heavily restricted by that sandbox. An Application runs in a Java VM outside of a browser but is not enclosed in a sandbox - it runs with the full privileges of the user account it's been started in.
The reason for this difference is simple: An applet can be forced on a user without the user being able to decide whether he wants to have it or not (as long as Java-Support in the browser is active) - visiting a website with an embedded applet suffices. An application, however, needs to be downloaded, stored in some folder and run manually or through an installer. In either way, it requires the user's attention and explicit command before it runs.
In that regard, a Java application is no different from any other binary program...
@DonGato: Sorry, that was a misunderstanding on my end.
@Furcube: No, applet signing works differently. Basically, the applet's classes are packed into a .jar file which includes a checksum and a digital signature. The user's webbrowser, or rather, the Java VM that browser uses, needs to be able to check the signature's authenticity which is done by looking for a x.509 certificate signed by a commonly well trusted certificate authority (such as Thawte, Verisign and other companies).
And that's the problem... Browsers only consider a certificate valid if they have the issuing root certificate authority's signing public certificate. If you sign the Java applet with a certificate you issued for yourself, the applet won't be run.
@Furcube: No, applet signing works differently. Basically, the applet's classes are packed into a .jar file which includes a checksum and a digital signature. The user's webbrowser, or rather, the Java VM that browser uses, needs to be able to check the signature's authenticity which is done by looking for a x.509 certificate signed by a commonly well trusted certificate authority (such as Thawte, Verisign and other companies).
And that's the problem... Browsers only consider a certificate valid if they have the issuing root certificate authority's signing public certificate. If you sign the Java applet with a certificate you issued for yourself, the applet won't be run.
It still implies in:kidan wrote:[...]I just wanted to point out qemu. It's a decent free alternative to vmware, which runs without a kernelpatch in userspace: http://fabrice.bellard.free.fr/qemu/
- Wasting space with a windows install (for a single program? no, thanks)
- Having a windows copy
But I guess this is getting a bit off-topic.
-
DonGato
- Posts: 1296
- Joined: Sun Nov 17, 2002 9:08 pm
- Location: The Pampas, The land of the Gaucho!
- Contact:
The purpose of this request was to have an easy tool everybody could use to hash their files and add them to AniDB without having to install anything, just by accessing the site and clicking over an option.
I don't think we need another AoM, unless exp wants to have a minimal application in C++ or Java (platform independent) to do such a task.
I don't think we need another AoM, unless exp wants to have a minimal application in C++ or Java (platform independent) to do such a task.
wasn't there a file in the jre directory which one could edit to give the needed privileges to an applet?DonGato wrote:exp, the problem is that it has to be signed (you need a certificate for that and it's $$$). And another problem is that we need to take in account the browser he is using as it seems it's different for each one. :?
what about a self-signed certificate which we make available for download and which the user has to add to his keystore before using the applet?
well, if some "simple" action by the user is required before the applet can be used (like installing the sun jre and maybe double clicking on some certificate file) that would also be ok, I'd say.DonGato wrote:The purpose of this request was to have an easy tool everybody could use to hash their files and add them to AniDB without having to install anything, just by accessing the site and clicking over an option.
BYe!
EXP
well, I'd say we go with which ever way is easier for the user to "install".Elberet wrote:As far as I'm concerned, I'd go with a single, self-signed certificate for code signing and have users install that as a trusted certificate. Doing that is one thing, but installing someone's certificate as a root CA is something completely different and shouldn't be taken lightly.
I don't think it makes much difference from a security standpoint if you install an "untrusted" certificate as trusted or root cert.
BYe!
EXP
the applet could as well install such certificates once it has been executed by the user with filesystem access permissions.Elberet wrote:It does. If you install it as a root certificate, the owner of the root cert could possibly issue certificates for other malicious reasons, such as fake webserver or email identities.
I don't see a big difference there.
BYe!
EXP