Web start sandboxing and security
helpcrypto helpcrypto
helpcrypto at gmail.com
Wed Dec 4 02:37:38 PST 2013
Hi
I don't know if the same rules apply to Java Applets.
In our case we use a crypto applet to sign documents using user
certificates.
That said, I think providing the user "less options" is sometimes better/easier
for them. A "yes/no" dialog is much simpler than a multiple selection
option.
Anyhow, I understand your concerns, and considering Google is "switching
off" Java (Chrome is a big part of the browser market share), I suggest you
"move out" from Java Applets/JNLP. ;)
Considering unsigned apps are run in a sandbox (without risks for the
user), and signed ones are "dangerous", probably showing the user the
application's required permissions (by the permissions attribute in the
manifest) will be OK, but we (as many others) will just put
"all-permissions", so in the end, it will be the same.
BTW: Do end-users really read? xD
On Mon, Dec 2, 2013 at 10:04 PM, Andy Lutomirski <luto at amacapital.net> wrote:
> On Sun, Dec 1, 2013 at 11:39 PM, Jiri Vanek <jvanek at redhat.com> wrote:
> > On 12/01/2013 02:24 AM, Fernando Cassia wrote:
> >
> >>
> >> On Fri, Oct 18, 2013 at 3:14 PM, Andy Lutomirski <luto at amacapital.net
> >> <mailto:luto at amacapital.net>> wrote:
> >>
> >> Even if the app is signed, there should still be a way to run it in
> >> the sandbox. I've yet to encounter a JNLP app in the wild that has
> >> any legitimate reason to do anything other than access the internet,
> >> create some temporary files, and occasionally use the file picker.
> >> Let me run it in the sandbox, please.
> >>
> >>
> >
> > This is an interesting idea, to have the "Application is signed, trust/don't
> > trust" dialog extended to "Application is signed, trust/don't trust/run in
> > sandbox"
> >
> > I'm not sure how hard or even safe it will be to implement, but there can
> > be another solution. Andrew Azores is working on policy.tool, which should
> > do exactly what you want.
> > Although application X is requesting permissions A B C, you specify in
> > the policy file that it can use only e.g. B. So when app. X requests A
> > and C it will get permission denied.
> > Is it what you want?
> > Maybe when this is safely in and tested, we can add the "run in
> > sandbox" button, which will just create a tmp policy for the application.
>
> That would be great.
>
> >
> > However this development is tricky work, and although we are trying to
> > get it into the next (1.5) release, we are not sure if we will make it.
> >
>
> In the mean time, I'd still consider a change to the text in the UI to
> be a considerable improvement.
>
> --Andy
>
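
The "application X requests A, B and C, the policy grants only B" idea from the quoted reply, as an added example that is not part of the original thread and is not IcedTea-Web or policy tool code. It uses the standard `java.security` permission classes; the paths, the address and the class name `PolicyFilterDemo` are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class PolicyFilterDemo {
    // Check every permission the application asks for against the set the
    // per-application policy grants; anything not implied is denied.
    static Map<Permission, Boolean> evaluate(Permissions granted, List<Permission> requested) {
        Map<Permission, Boolean> decisions = new LinkedHashMap<>();
        for (Permission p : requested) {
            decisions.put(p, granted.implies(p));
        }
        return decisions;
    }

    public static void main(String[] args) {
        // Constructed sample: what a signed "all-permissions" style app might use.
        Permission a = new FilePermission("/home/user/Documents/report.pdf", "read,write");
        Permission b = new FilePermission("/tmp/appX/cache.dat", "read,write");
        Permission c = new SocketPermission("192.0.2.10:443", "connect");

        // Constructed policy: the user allows only B (temporary files).
        // Equivalent policy-file entry (codeBase is a placeholder):
        //   grant codeBase "https://app.example.org/-" {
        //     permission java.io.FilePermission "/tmp/appX/-", "read,write,delete";
        //   };
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/tmp/appX/-", "read,write,delete"));
        granted.setReadOnly(); // the policy must not be extendable at run time

        evaluate(granted, List.of(a, b, c)).forEach((perm, ok) ->
            System.out.println((ok ? "ALLOW " : "DENY  ") + perm));
    }
}
```

Only the temporary-file request is allowed; the home-directory and network requests are denied because nothing in the granted set implies them, regardless of whether the application is signed.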