Sign and Seal ESAPI JAR

[GoogleCodeExporter]

I think there's several places that it could help. Some things I am thinking of:

1) Start with ESAPI signing and sealing its own jar. You have to
   eat your own dog food to get any credibility.
2) Provide ESAPI class that checks the validity of a signed jar file
   at runtime. Enable it by default to check ESAPI jar the first time
   it is loaded. (This is pretty easy to do.)
3) Provide a class loader that does various security checks on loaded
   jars; e.g., make sure that jars are loaded from "secure" directories,
   make sure directories in class path are fully-qualified, if jar is    
   signed,validate signature of jar.

Original issue reported on code.google.com by manico.james@gmail.com on 11 Nov 2010 at 3:16

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 11 Nov 2010 at 1:54

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 29 May 2012 at 3:22