J (banana) wrote in java_dev,

Heads up for people who write webstart or applets


You used to be able to sign your code with a self-signed certificate. It's close to not signing it at all, but the user could then agree to trust you for ever more. I have a few webstart apps publicly available, and more at work. Soon they will stop working. My choices will be:
  • pay hundreds of dollars for a proper certificate (extremely unlikely)
  • persuade the users to install "Deployment Rule Sets" to allow my stuff to run (almost as unlikely)
  • get the users to run the code locally without webstart (completely insecure, and I'll probably need to make an installer)
I don't see who wins here.
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.