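A JAR file can be unzipped, and the actual policy files are human-readable text, so you can evaluate the actual policy itself (or compare it against a known hash, as Abhishek recommended above).
Example (unlimited) default_local.policy: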
$ more default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
Example (limited) default_local.policy:
$ more default_local.policy
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", "javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
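The export restrictions are unlikely to change going forward, given the current state of the EAR rules, so you should be pretty safe just doing a grep for CryptoAllPermission versus *, 128;.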
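Why don't you check the files, i.e. compare the checksums of the files in the JRE security folder against the files provided on Oracle's download site?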
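The check described in the answer above, written as an added example (not part of the original post): it reads default_local.policy straight out of the policy JAR and ignores commented-out lines, which a plain grep for CryptoAllPermission would count as a match. The function names and the abbreviated sample policies are constructed for illustration.

```python
import re
import sys
import zipfile

POLICY_ENTRY = "default_local.policy"  # entry name shown in the listings above

# Constructed samples, abbreviated from the two listings in the answer.
UNLIMITED = "grant {\n  // no restriction\n  permission javax.crypto.CryptoAllPermission;\n};\n"
LIMITED = (
    'grant {\n'
    '  permission javax.crypto.CryptoPermission "DES", 64;\n'
    '  permission javax.crypto.CryptoPermission "RC5", 128,\n'
    '    "javax.crypto.spec.RC5ParameterSpec", *, 12, *;\n'
    '  permission javax.crypto.CryptoPermission *, 128;\n'
    '};\n'
)

def permissions(text):
    """Return each 'permission ...;' statement with comments and line breaks removed."""
    # Assumes no "//" or "/*" inside quoted strings, true for the listings above.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return [" ".join(p.split()) for p in re.findall(r"\bpermission\s+([^;]+);", text)]

def default_key_limit(text):
    """Key-size cap of the catch-all '*, N' entry, or None if there is none."""
    for perm in permissions(text):
        m = re.fullmatch(r"javax\.crypto\.CryptoPermission \*, (\d+)", perm)
        if m:
            return int(m.group(1))
    return None

def classify(text):
    """'unlimited' only if an uncommented CryptoAllPermission grant is present."""
    if "javax.crypto.CryptoAllPermission" in permissions(text):
        return "unlimited"
    return "limited"

def classify_jar(path):
    """Read the policy entry straight out of the JAR (a ZIP archive) and classify it."""
    with zipfile.ZipFile(path) as jar:
        return classify(jar.read(POLICY_ENTRY).decode("utf-8", "replace"))

if __name__ == "__main__":
    for label, sample in (("unlimited sample", UNLIMITED), ("limited sample", LIMITED)):
        print(label, "->", classify(sample), default_key_limit(sample))
    for jar_path in sys.argv[1:]:  # e.g. the policy JAR from the JRE security folder
        print(jar_path, "->", classify_jar(jar_path))
```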