sign jnext using one of public CA
2 views
Skip to first unread message
Mahmoud
Jan 21, 2009, 2:33:59 PM1/21/09
to jNext discussion group
I might use jnext.ocx and socket.dll in my web site so i've do cabinet
file to auto install this control in the client side.
so i'm planning to sign this cab file under one of public CA to get
valid verify certificate.
does jnext owners have any problems with that ?
file to auto install this control in the client side.
so i'm planning to sign this cab file under one of public CA to get
valid verify certificate.
does jnext owners have any problems with that ?
Amnon
Jan 22, 2009, 3:49:01 PM1/22/09
to jNext discussion group
The code is currently covered by the MPL license, and to the best of
my knowledge there is nothing in there that prevents you from
repackaging it in your application (which includes signing it).
However, standard rules apply - i.e the name JNEXT should not be
included in the product or used to endorse or promote it.
As I mentioned in the site, JNEXT can be a dangerous security hole if
not used correctly, and currently it is definitely unsafe to be used
on public sites (regardless if it is signed or not) - in your case, if
someone hacks your site, the hacker can cause a lot of damage by
changing the JavaScript code and using the computers of the visitors
of your site for a wide range of attacks (just by having access to
sockets).
I'm working on a complete solution to the security issue but due to
other constraints its taking a bit longer than planned.
-Amnon
my knowledge there is nothing in there that prevents you from
repackaging it in your application (which includes signing it).
However, standard rules apply - i.e the name JNEXT should not be
included in the product or used to endorse or promote it.
As I mentioned in the site, JNEXT can be a dangerous security hole if
not used correctly, and currently it is definitely unsafe to be used
on public sites (regardless if it is signed or not) - in your case, if
someone hacks your site, the hacker can cause a lot of damage by
changing the JavaScript code and using the computers of the visitors
of your site for a wide range of attacks (just by having access to
sockets).
I'm working on a complete solution to the security issue but due to
other constraints its taking a bit longer than planned.
-Amnon
Reply all
Reply to author
Forward
0 new messages