• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

Recording audio from applet (security problem)

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
I need to record audio with a java web based application from internet users.
Java Applet Policy doesn't allow record/play audio by default. You must certify and sign your applet, which is expensive and i'm only doing it for an academic project.
The other option is make the users change theirs policy files with policytool, but it's tedious for users, and also it's dangerous (if i tried to make something evil with their audio ), so much of them wouldn't like to do it.
I've been trying to pass this part of code to a servlet, but how on earth will the server know about the correct microphone, mixer, etc. that is using the client?
Please could anyone give me a solution, with or without servlets?
 
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Eva Adams:

I've been trying to pass this part of code to a servlet, but how on earth will the server know about the correct microphone, mixer, etc. that is using the client?


A servlet isn't going to help you for exactly the reason you cite here. You need privledged code running on the client. How about using Java Web Start to deploy the application to your clients?
EDIT: Upon further review, JWS requires that code that operates outside the sandbox be signed. However, the developer's guide describes how to create and use a "Test Certificate". Perhaps this is Good Enough for your purposes? Could probably use the test cert with an applet. . .
[ January 14, 2004: Message edited by: Joe Ess ]
 
Eva Adams
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the information, but i have the idea that test certificates must be signed by an authority like veriSign to be valid; and that cost money. Am i wrong? is there any possibility of getting a free (maybe with less permissions, etc) certificate?
Thanks in advance,
Eva
 
Joe Ess
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The developer's guide describes creating a self-signed certificate:


The Java Web Start software presents a dialog displaying the application's origin, based on the signer's certificate, before the application is launched. Thereby allowing the user to make an informed decision whether to grant additional privileges to the downloaded code, or not.
. . .
Please note that a self-signed test certificate should only be used for internal testing, since it does not provide any guarantees about the identity of the user and therefore cannot be trusted. A trust-worthy certificate can be obtained from a certificate authority, such as VeriSign, and should be used when the application is put into production.


So it is different from a "trust-worthy" certificate that one would purchase. Try creating a self-signed cert, create a simple applet that opens a file on a user's local machine and try it out. If it works, you are in business.
 
Eva Adams
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Joe
I'll try it
Eve
 
Eva Adams
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi again
I've self-certified my jared applet with keytool/jarsigner, which it's suppossed to work with Java Plug-in. Since i used html-converter tool my applets execute directly with java VM and not with browser VM versions; so i haven't made more certifies (as .cab for microsoft, etc.)
Well it seems browsers ignore the certify and no even gives me a warning message asking if i trust the certificate or not, when i load the applet. Then, access to record audio is still denied.
Anyone knows what's the problem?
Sorry for boring you with this matter
Eva
 
Joe Ess
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I ran through the example of creating a jar and signing it and I had some trouble at first. The JVM was picking up the .class files from the same directory I had the jar file so they weren't using the signed versions. I deleted the .class files and it works. In IE and Mozilla Firebird. It doesn't work with Appletviewer (SecurityException).
 
reply
    Bookmark Topic Watch Topic
  • New Topic