[RFC][icedtea-web] Update security dialogs to be more descriptive

Danesh Dadachanji ddadacha at redhat.com
Wed Jul 18 13:12:02 PDT 2012


On 18/07/12 04:10 PM, Danesh Dadachanji wrote:
> Hello,
>
> The following patch fixes RH838417 and RH838559. [1][2]
>
> It adds the following message along with the description to dialogs that are shown when a jar cert is unverified or has signing errors:
> "The code executed will be given full permissions, ignoring any java policies you may have."
>
> I've also added the warning.png icon to HTTPS cert dialogs.
>
> You can test the patch using this[3] website or see my attached image. =)
>
> ChangeLog:
> +2012-07-18  Danesh Dadachanji  <ddadacha at redhat.com>
> +
> +    Update message to security dialog, explicitly telling users they will be
> +    executing code that has AllPermissions and ignores policy files.
> +    * NEWS: Added entries for RH838417 and RH838559.
> +    * netx/net/sourceforge/jnlp/resources/Messages.properties:
> +    Added SWarnFullPermissionsIgnorePolicy and updated SHttpsUnverified.
> +    * netx/net/sourceforge/jnlp/security/CertWarningPane.java: Display
> +    SWarnFullPermissionsIgnorePolicy if the cert is from a jar and is either
> +    unverified or has a signing error. Also added warning.png to HTTPS dialogs.
> +
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=838417
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=838559
> [3] https://www.portalbank.no/1100/

Woops, forgot to mention, I'd like to push this to 1.2, 1.3 on top of HEAD if others think it's okay.

Cheers,
Danesh



More information about the distro-pkg-dev mailing list