Drop-down menu: Signed applets

NOTE 1: as of September 2003, we will no longer be signing applets, as we no longer have any need for this, given that we now produce around 300 alternative drop-down menus which are more advanced than those older ones which required signing. Customers who purchase the signed applets will be delivered final signed versions of these applets compiled prior to September 2003. If for any reason an upgrade to a post-September 2003 variant is required, unsigned versions will be delivered for signing by the customer. Signing is a process which can be conducted by the customer without the original source code - it is a purely external operation. We can advise if necessary.

NOTE 2: as of July 2003, we are announcing the availability of around 300 alternative unsigned menus from our new offshoot site Alien Menus. This site further reduces the need to continue to rely on applet signing.

NOTE 3: as of January 2003, the release of the breakthrough version 8 series of X-Bars means that the information on this page is of historical/reference interest only. Signing is now only required for extremely limited and special purposes such as animated submenu explosions, mouse-over menu launching (as distinct from click-launching), remote submenu launching from outside the applet and some submenu form elements, such as text fields. We recommend all customers to switch to the new X-Bars unless they specifically require backwards compatibility for these special features.

Which applets need signing?

X-Bar Ultramenu I
iPOP Pro-X Powerbar I
iPOP Pro-X Powerbar II

Both signed and unsigned versions are included in the delivery packs.

Are most applets signed?

No. Signing is unusual. Especially for off-the-shelf applets.

What is signing for?

"Signing" allows applets to access a much greater range of functions. A signed applet can do almost anything a normal programme can do. An unsigned applet is heavily restricted.

What did you sign your applets for?

We signed them for about the most unexciting reason possible: namely, to get rid of the warning messages which most browsers attach to the bottom of java windows. These warning messages are inelegant and make the X-Bar/iPOP submenus look unprofessional. (There's hundreds of very powerful things you can do with signed applets, but we did not make use of any of these options).

Sounds good - any disadvantages?

Unfortunately yes. Before a site visitor can see a signed applet, they are faced with a "certificate acceptance dialogue" asking if they want to trust the applet. (More about this below).

Warning messages? Which browsers are affected?

All browsers. Except Netscape 4.5 through to 4.7 on Windows. Actually, it's only on Microsoft browsers that they are "warning" messages. On those Netscape browsers which show anything at all, there is just an untidy statement that the window is a java window.

Does signing get rid of the warning messages on all browsers?

IE for Windows (version 4 and higher) and Netscape for Windows (version 6). Netscape for Windows versions 4.5 to 4.7 don't have warning messages anyway. Warning messages remain on Mac (sometimes) and Unix/Linux. This probably means that warning messages get removed (or are not visible anyway) on over 95% of browsers currently in use at the time of writing.

Do I have to pay extra for this?

No - not if you use the packaged signed versions we supply.

But I've seen other companies with pop-up applets

They use "AWT menus" (like our X-Bar Menubar) or "simulated pop-up menus" (like our iMMap menus). These are alternative ways to do pop-up applets. But the applets we sign have their advantages: they are more attractive than system menus, and require much less screen space than simulated pop-up menus.

The certificate acceptance dialogue has your name on it. Aren't you just trying to get some free advertising?

IMINT.COM is a professional applet producer supplying to the top-end of the industry. We don't need free advertising and would not push it on our valued corporate customers. However the industry sets standards for applet signing. The acceptance dialogues are defined by companies like Microsoft and Verisign and we have little control over their appearance. In theory a signed applet can gain access rights to a user's computer and files - so the industry requires the manufacturer of a signed applet to identify themselves. We have no technical means to remove this identification. If we did, we would be law-breaking hackers. However we have worked hard and successfully on new drop-down technologies which now render signing unnecessary.

So this "certificate acceptance" dialogue - what does it look like?

The certificate acceptance dialogue for signed CAB files (Microsoft) is quite complex. You can view a sample of an IMINT.COM certificate acceptance dialogue and to compare a sample of a Macromedia Flash certificate acceptance dialogue. As you can see from both of these certificates, Microsoft allows the certificate to be accepted once and for all, for this session only, or not for this session. The certificate acceptance dialogue for signed JAR files (non-Microsoft) is much simpler.

So what happens if the user clicks "no"?

If the user clicks on "no", then the menu will still work 100% except that the warning messages will be attached to the bottom of the submenus. New feature (X-Bar Powerbars): if the user clicks "no", you can define a javascript alert prompt (triggered by the applet and defined in the applet parameters) to request the person visiting your site to try again and accept the certificate.

Will the user always see this dialogue?

If they check the box to "always trust" our applets, then they will not see it again. If you have regular site users, you should encourage them to check the "always trust" box.

Do the trial version dialogue and release version dialogue differ?

Yes. This is a screenshot of the release version dialogue.

Can I change the wording of the dialogue?

We can change part of the wording, including making comforting statements to your site visitor that it is safe and quick to accept. If we customise it for you this way, there is a charge. Contact us to discuss the wording. Click here for an example of an MSIE certificate dialogue showing exactly which bits we can change for you.

Can I get rid of your company name?

Yes - by buying your own certificates. Most people prefer to use our certificates, as this is cheaper.

How much does it cost to get my own certificates?

At least $400 per browser manufacturer per year (Verisign prices at time of writing). And if you need our help applying the certificates, this is charged extra. However we emphasize again: even our largest customers seem content to use our own certificates, so it's unlikely you will feel you need to worry about getting your own certificates.

On the Microsoft dialogue it says something about "installing" software - I thought applets were not "installed" but only temporarily held in cache while the page is being viewed?

The Microsoft dialogue is misleading in this respect. There is NO installation involved. The dialogue is just asking for permission to run the applet in "trusted" mode. It takes no longer to do this than to view any other applet.

Do I need the source code if I sign them myself?

No. And if someone tried reverse-engineering the applets to change the signing or apply their own, they'd simply be on the wrong track. Signing is done "outside" the applet after it has been compiled as a normal applet.

Surely you can get rid of these warning messages if you spend long enough thinking about the problem?

Yes. We did. It took more than 4 years, but we did it. (See top of page). We now have over 300 drop-down menu products and variants which need no signing and have no warning messages. This technology is absolutely unique to our company.

How do I use just the unsigned applet versions?

If you don't want your site visitors to see a certificate acceptance dialogue, then remove the CAB and JAR files and the CABBASE and ARCHIVE parameters. The applet will then work in its "unsigned" form, which means that the menu will still work 100% except that the warning messages will be attached to the bottom of the submenus.

What other solutions exist if I don't like this signing stuff?

drop-down menus

I've heard that certificates have expiry dates. Do I have to come back to you every year for a new version of the signed applet?

The signed CAB files (Microsoft) carry a "timestamp". Provided the CAB file was signed on a date when the certificate was valid, then the signing remains valid without limit. Even if our certificate expires, your signed CAB file still has its enhanced abilities.

The signed JAR file is required for JRE-users only and expires annually. While we condemn Sun and Symantec for failing to provide timestamping, we cannot change their policies. Free annual upgrades will be supplied until the technology is deemed obsolete (September 2003).

This FAQ is very long - does this mean it is complicated?

No. It means that we get asked a lot of questions. But it is very simple to use signed applets. We did the complex stuff for you when we made the applets.

So how do I implement the signed applets?

Just follow the instructions here.

© Image Intelligence Software Ltd. 1997-2003
Legal information and privacy policy