Oracle Forms

Like many people over the years, I was perplexed at the behavior of the java plugin (1.6.24) regarding the self-signed jacob.jar
(which is what you get if you follow oracle's instructions for signing it with sign_webutil.bat .
So the problem is with java coming up with this dialog when the user first encounters the signature:
"The applications' digital signature cannot be verified.
"Do you want to run the application?"
Name (blank)
Publisher UNKNOWN
From (url)
checkbox: Always trust content from this publisher
run/cancel

If you go to the second screen via (more information)
"this application will run with unrestricted access to
your personal files and other facilities (webcam,
microphone) on your computer.

The publisher name is unverified and therefore listed
as UNKNOWN. Run this application only if you trust the
source (web site) the application is from.

The digital certificate was generated with an untrusted
certificate.
"
and if they got to the 3rd screen they'd see the cert info finally but the plugin times out and quits before that. Only
a speed-reader would get to screen 3.

So this makes it look like checking the box enables
1. any code can run signed by any self-signed cert (as these would be interpreted as UNKNOWN). Which would be a horrendous
security problem.
_or_
2. any code can run signed by a self-signed cert from that url

But probably neither one of these is true because if you go in the java control panel you see that it did save the cert. (security,certificates)
despite never mentioning the name to the user.
So I predict that what the jre will do is run any code signed by that particular cert which is not what the dialog said at all. I see nothing
in there about that particular url (is it stored somewhere).

I really think oracle should change the wording on this dialog from plugin.