■MIDlets in the minimum domain are denied all permissions.
■The untrusted domain provides a high level of security for applications whose origins and authenticity cannot be determined. The user is prompted frequently when the application attempts a sensitive operation
■The trusted domain is a happy place for MIDlets where all permissions are granted.
■The maximum domain is equivalent to trusted.
When you press the Run button to run your application in the emulator, your code runs in the untrusted protection domain by default. You can change which protection domain is used by choosing Edit > Preferences... from the KToolbar menu. Select the Security tab. You can now choose the default protection domain from the combo box.
Things are different when you use Run via OTA. Your packaged MIDlet suite is installed directly into the emulator, and it is placed in a protection domain at installation time. The emulator uses public key cryptography to determine the protection domain of installed MIDlet suites.
If the MIDlet suite is not signed, it is placed in the untrusted domain. If the MIDlet is signed, it is placed in whatever protection domain is associated with the root certificate of the signing key’s certificate chain.
For example, suppose Respectable Software, a hypothetical company, wants to distribute a cryptographically signed MIDlet suite. Respectable Software buys a signing key pair from
The J2ME Wireless Toolkit provides tools to sign MIDlet suites, manage keys, and manage root certificates.
6.3Signing a MIDlet Suite
To sign a MIDlet suite, you must package it first. Then choose Project > Sign from the KToolbar menu. The signing window appears.
Chapter 6 Security and MIDlet Signing 51
