Conscious of criticism of Java security, Sun Microsystems plans to release an upgrade of the Java Developer's Toolkit this fall that will feature digital certificates, electronic passports used to verify that an applet is what it's advertised to be and not a hacker's tool masquerading as something else.
Java Developers' Toolkit 1.1 will let developers build Java applets that can be "signed" and encrypted at the server end, then decrypted for clients.
"We've been planning to do the digital signature stuff since last summer," said Marianne Mueller, Sun staff engineer. She says the addition of the technology is not a response to industry speculation over the security threat posed by rogue Java applets but was always part of the plan. Still, the upgrade will be well timed.
Mueller also cautions that digital certificates still need to be proven in real-world use. "We'll have to wait and see how well digital signatures scale to the Internet," she said.
Microsoft is turning to the same technology to provide security for its ActiveX component architecture, which otherwise lacks the built-in security features that Java uses to prevent applets from performing tasks such as reading or writing to a user's hard disk.
Some fear one bad applet spoils batch