Security issues in a Free Ebook Reader that I am developing
Please Login to Remove!
Hi All,
I am developing a free ebook reader for blackberry. The website is berryreader.sourceforge.net . No code has been released yet. The ebook will consist of a reader application and a set of interfaces for book publishers to implement.
Books will be loaded as external modules. They will all implement the IBook interface. However I don't want to force these external modules (books) to be signed. And this puts up a security issue, which I am not sure how to handle.
The ebook reader (which will be signed module), will load a third-party class (which may not be signed) and call its methods to get data. So my questions are:
1. Will the unsigned third-party module get privileges of a signed module, since it is being run inside a signed application?
2. If the answer to 1 is yes, is there any way to prevent it.
3. Is there any way to check whether a given module is signed or not, without instantiating a class. (CodeModuleManager.getModuleHandleForClass requires 4.1.0)
|