[Bug 1264] The "Security Approval Required" dialog is inflexible and misses the point

Mon Jan 21 10:44:37 PST 2013

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1264

Andy Lutomirski <andy at luto.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|The                         |The "Security Approval
                   |                            |Required" dialog is
                   |                            |inflexible and misses the
                   |                            |point

--- Comment #1 from Andy Lutomirski <andy at luto.us> ---
[This isn't a bug in the sense that the Sun/Oracle version has exactly the same
problem.  Nonetheless, there is a lot of room for improvement.]

It is not at all obvious what "Do you want to run the application?" means.  I
researched it a bit, and AFAICT it means: if the application is signed (by
anyone at all), then run it with full permissions; if the application is
unsigned, then run it sandboxed.

If this is correct, then:

1. The dialog box should say so.  If the app is signed, then it should ask if
you want to give the app full, unrestricted access to your computer.  If the
app is unsigned, it should ask you if you want to run the app in the sandbox.

2. Even if the app is signed, there should still be a way to run it in the
sandbox.  I've yet to encounter a JNLP app in the wild that has any legitimate
reason to do anything other than access the internet, create some temporary
files, and occasionally use the file picker.  Let me run it in the sandbox,
please.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20130121/ba74e32a/attachment.html 