[theora-dev] A thank you and question about the cortado jar

paranoid paranoid at dds.nl
Tue Jul 14 04:58:49 PDT 2009

Hi all,

Michael A. Peters wrote:
> I'd rather not package the jar file with the app, instead preferring to
> point to the jar file on theora.org as I then don't have to worry about
> releasing new versions because of bug fixes in the cortado jar. I will
> have configuration to point to local jar if that's what blog admin 
> prefers.
> Is what I'm doing kosher?

Timothy B. Terriberry wrote:
> Yes, we put it there for exactly this purpose.
> However, there's currently a minor technical problem, which is that
> Java's security model only allows an applet to open URLs from the same
> domain the applet is hosted on, unless the applet is signed. We've
> self-signed it, but this still requires the user to manually authorize
> the connection. Supposedly one can get around this by getting the applet
> signed with an appropriate certificate (e.g., one already trusted by the
> browser), but we've been unable to come up with a way to test that this
> actually works in a reasonable set of JVMs (e.g., Microsoft's) without
> sinking the $400 or whatever it costs to buy the certificate up front
> (if someone out there has ideas on this subject, please let us know).

What you can do instead, since you're working with PHP already, is use 
a cronjob or sth and just check if the jar file on theora.org is the most 
recent one. If it is not, download it first.

In stead of pointing to the jar file on theora.org, you point to your 
personal copy of the jar file on your own host and you don't have the Java 
security problem with certificates and updating manually.

Frank Keijzers

More information about the theora-dev mailing list