Originally Posted by forty2j
On the invalid certificate issue.. there are TONS of reasons why a certificate could be invalid, up to and including greed on the part of the certificate issuer.... In this particular case, it may be related to the fact it is Beta software - for testing purposes by hardy users only - and therefore a signed certificate hasn't been purchased yet. If that makes you uncomfortable then - while I can assure you there is nothing wrong here - your best plan may to be to wait for the official release.
|
That is in fact why the certificate is invalid. The certificate is "invalid" (in fact, valid for me, but invalid for you) because it is a self-signed certificate that offers no real guarantee of identity. If you really wanted the CA associated with the certificate, I could give it to you so you could install it to trust it, but there's really no reason for that.
Regarding permission sets, Java only offers two built-in:
- Applet permissions (create temp files, no spawning of processes, no accessing URLs outside of where it originated from)
- Full permissions (can do everything that a typical application can do)
Note that "Full permissions" is NOT asking for root on your computer or anything of the sort. It is simply asking for Java's full permission set. It still runs in the context of the current user, and thus I can simply do everything a typical application can do. In fact, one might argue this makes Java more secure in this regard, because I am asking for confirmation before I get anywhere that any other application could have done normally.
Minion actually installs its own intermediary permission set, known as the Minion Security Manager, which falls somewhere in between Applet permissions and Full permissions. This allows modules to run without being initially trusted, and users of Minion have already seen it in action. It offers more fine-grained security levels such as access to individual folders and servers. It is fully capable of blocking access to folders which you have not authorized (and some people have already had problems with Minion due to it being a bit paranoid, itself, and blocking modules when it should not have).