Is there support for encrypted download of JAR files?
Support for encrypting data transferred from the server to the client is very important. This is an important point on our issue list, and we will definitely make sure that HTTPS libraries will work with applications that are launched with Java Web Start. The HTTPS support might be in an optional package that you need to specify that your application depends on. Encrypting the JAR files transferred from the server to the client may not be necessary. The reason is, even if the class files where encrypted on the wire, they will have to be decrypted on the client side and stored to disk, so the JVM will be able to load the classes. Thus, it could be fairly simple for a cracker to get around the encryption of the JAR files. Instead, what is important for JAR files is that they can be signed, so the user can be absolutely sure that the application is from the vendor he expect it to be from. This is already supported. The data that the application transferred between the client and the serve
Support for encrypting data transferred from the server to the client is very important. This is an important point on our issue list, and we will definitely make sure that HTTPS libraries will work with applications that are launched with Java Web Start. The HTTPS support might be in an optional package that you need to specify that your application depends on. Encrypting the JAR files transferred from the server to the client may not be necessary. The reason is, even if the class files where encrypted on the wire, they will have to be decrypted on the client side and stored to disk, so the JVM will be able to load the classes. Thus, it could be fairly simple for a cracker to get around the encryption of the JAR files. Instead, what is important for JAR files is that they can be signed, so the user can be absolutely sure that the application is from the vendor he expect it to be from. This is already supported.
