Blogging Roller

OK, so I was wrong about about applet security. When I first tried Ekit, I found, as Russell did, that you cannot copy-and-paste into a Java applet from another application. I found that if you drop the applet jar, ekitapplet.jar in this case, into the trusted extensions directory of your Java Plugin JRE then copy-and-paste works fine. But then, I found that you cannot access the applet via JavaScript if the JavaScript is loaded from one place (rollerweblogger.org) and the applet is loaded from another place (my PC).

I have finally come upon a solution that is less expensive than paying the $200 plus $100/year to Thwaite for a digital certificate. I just put the following into my Java Plugin JRE's java.security file:

   grant codeBase "http://rollerweblogger.org/ekitapplet.jar" {
   permission java.security.AllPermission;
   }                                                                                        

Now, this is fine for me because I trust myself. But, for example, what if Anthony Eden was to ask his users to do this, substituting roller.anthonyeden.com for rollerweblogger.org in the above snippet? Anthony would be asking his users to trust in the following things:

• Neither Howard Kistler, Dave Johnson, nor Anthony Eden have put malicious code in Ekit
• An evil hacker will not break in to Anthony's site and replace ekitapplet.jar with malicious code

Is that too much to ask of Anthony's Roller users? If it is, then we need to buy a certificate for Ekit and hope that this one certificate would be good for all Roller users.

BTW, this is my first Ekit post using Mozilla.