Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Sample Question - Applet Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Sample Question - Applet Security" Watch "Sample Question - Applet Security" New topic

Sample Question - Applet Security

Ajit Kumar
Ranch Hand

Joined: Jan 27, 2001
Posts: 81
Which statement is true?
A. Classes loaded into a browser from the local network are trusted
B. classes loaded into a browser from remote sources are trusted if they are signed
C. classed loaded into a browser from remote sources are trusted if they are in a signed jar file
D. classes loaded from a jar file on a remote source can sometimes be trusted even if the jarfile is unsigned.
E. classes loaded from a signed jarfile are trusted if the public key associated with the jarfile's signature is marked as trusted in the keystore.
The answer is given as D.
Is it correct.
I think the correct answer is E.
What do you guys think

ruilin yang
Ranch Hand

Joined: Feb 25, 2001
Posts: 334
D, and E seems all correct.
Please comments
Christophe Testi
Ranch Hand

Joined: Oct 29, 2001
Posts: 40
Hey guys,
Well the answer is D ONLY
Refer to :


    Also this has been already discussed recently. In my notes I have the following summary from another post:
    "�The keystore contains certificates, each of which which contains the public key of a trusted source, and which is named by an alias. These are certificates imported into keystore to run someone else's code.
    �Keytool can also be used to create your own public/private key pairs. Presumably, the private key would used to sign your own jar files, the public key what you would export to others who use your code.
    �When a java class executes, the security manager checks in the policy file to see if that codebase has permission to do what it wants to do. Also, if the grant entry has a "signed by" entry, then the security manager uses the "signed by" entry to look up the public certificate in the keystore (matching on alias). If it's there, then it's from a trusted source. The keystore to check is named in the keystore entry of the relevant policy file. "
    in other words even if keystore contains the applet certificate, that's is not enough to trust the applet.
    The policy files needs to grant permissions for this applet codebase. That's the new JDK 1.2 security model.


    [This message has been edited by Christophe Testi (edited November 06, 2001).]
    I agree. Here's the link:
    subject: Sample Question - Applet Security
    It's not a secret anymore!