[icedtea-web] Idea - do not start ITW applets automatically

Fri Jan 18 11:33:55 PST 2013

On 01/18/2013 06:47 AM, Jiri Vanek wrote:
> [..snip..]
> Yy, this pop up is definitely first step. (but imho it should be 
> already accomapanied by always/never/ buttons and radio swithch 
> applet/page/domain

IMO just applet for starters, easier to fully test before pushing out.

>
>>
>> Can't applets be smaller than a comfortable button size (and 
>> potentially hidden somewhere) ?
>
> exactly - one of the reasons of this mechanism, that invisible appelt 
> is not  launched without warning. Imho 0x0 size appelts should be even 
> more restricted (but 1x1 appelt is still in same way dangerous .. :-/ 
> (so probably no op)
> Maybe we can write size to the information dialogue;) 0x0 px should be 
> saspicious to everybody (we can add explaining message also)

Might be worthwhile, although I don't think many people would know what 
to do with this information.

>
>> If we do go the route of having a details button in the applet, I 
>> think we'll have to still implement a size threshold. For small 
>> applets I think we shouldn't risk cramming in detail.
>
> Agree, What about three thresholds then? eg >100px - full info in 
> applet's pane, 100-20 details button, lesser direct popup.

Probably, by the final iteration.

>>
>> I think for applets big enough having the confirmation details on the 
>> applet itself would be great -- in fact this would be an improvement 
>> even for accepting applet signatures in my opinion (although we may 
>> risk dropping important details). But, small applets (<100px) should 
>> always have a pop-up I think.
>
> Interesting idea :)
>
>>
>> Since a page can have many small applets, I think we should add a 
>> site to a 'temporary whitelist' once you accept an applet can run, 
>> and all applets on the page run. They will continue to run if you 
>> enter the site in the same session (a malicious applet will 
>> immediately do something nasty the first time -- no significant 
>> further risk I'd think of running it twice). Same way if you reject 
>> an applet, it will reject all applets on this page in the current 
>> session (possibly with message on applet "Applet denied for current 
>> session".)
>
> Also interesting - if first appelt will be ok for page/domain then 
> others really could be launched autoamticaly.
> But what if there will be first, some nice animation/game, and lower 
> will be some malicious invisible one?

Ya good point, should be per-applet. The white/black-list will need to 
be per-applet too (only setting for iteration 1 at least), which I 
hadn't considered. We'll probably have to use the concept of applet 
'unique key' here.

>
> Also I'm not sure if t will be possible to implement it correctly.
>
>
> J.