Jar's CodeSigner null on Java 10, non-null on Java 8
Alan Bateman
Alan.Bateman at oracle.com
Sun Oct 7 17:26:32 UTC 2018
On 07/10/2018 18:08, Scott Palmer wrote:
> Thanks Alan. I think this is exactly the issue I was hitting.
>
> Is it currently not possible to ensure modules have not been tampered with?
>
The signature checking for signed JARs on the module path is the same as
that done for signed JARs on the class path. So if your signed JARs has
been tampered with you should get an exception at startup.
-Alan
More information about the security-dev
mailing list