[RFC][IcedTea-Web]: Change #4 (PersistenceService) of new JNLP specification (v7.0)
omajid at redhat.com
Wed Jun 8 13:44:45 PDT 2011
On 06/08/2011 04:19 PM, Saad Mohammad wrote:
> On 06/08/2011 03:52 PM, Omair Majid wrote:
>> app = JNLPRuntime.getApplication();
> I am looking into ApplicationInstance.isSigned at the moment, and I will
> try running some test to see if it is actually a better method to
> determine whether the application has a signature.
Please do NOT use ApplicationIsntance.isSigned(). Deepak himself patched
checkAccess to avoid using ApplicationInstance.isSigned. It is not
enough. You can have unsigned applications calling privileged code which
does doPrivileged() operations. I think it's completely fine to allow
them to use PersistenceService.
> I will get back with
> that soon. Deepak is also right about having a nested if condition, I
> will fix it with &&. I will also create a method within ServiceUtil to
> avoid having duplicate code and will email my updated patch soon.
I look forward to it.
More information about the distro-pkg-dev