The "Security Approval Required" dialog is inflexible and misses the point
Andrew Lutomirski
andy at luto.us
Tue Jan 22 11:43:54 PST 2013
On Tue, Jan 22, 2013 at 11:18 AM, Andrew Lutomirski <andy at luto.us> wrote:
> This is moved from Bug 1264
> (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1264). The
> original bug is:
>
>> It is not at all obvious what "Do you want to run the application?"
>> means. I researched it a bit, and AFAICT it means: if the application
>> is signed (by anyone at all), then run it with full permissions; if the
>> application is unsigned, then run it sandboxed.
>>
>> If this is correct, then:
>>
>> 1. The dialog box should say so. If the app is signed, then it should
>> ask if you want to give the app full, unrestricted access to your
>> computer. If the app is unsigned, it should ask you if you want to run
>> the app in the sandbox.
>>
>> 2. Even if the app is signed, there should still be a way to run it in
>> the sandbox. I've yet to encounter a JNLP app in the wild that has any
>> legitimate reason to do anything other than access the internet, create
>> some temporary files, and occasionally use the file picker. Let me run
>> it in the sandbox, please.
>
> Here's a mockup of a possible improvement (as plain text):
>
> --------------------------------------------------------
>
> Title: Security Approval Required
>
> Big box on top: This application is requesting unrestricted access to
> your computer. Do you want to grant this access?
>
It's worse than this. AFAICT the same exact dialog box appears
regardless of whether <security><all-permissions/></security> appears
in the jnlp file. This is bad -- the presence of that tag changes the
meaning of the question being asked of the user, and the dialog box
should reflect that.
--Andy
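
An added example, not part of the original message and not IcedTea-Web code: a prompt is selected from what the JNLP file actually requests, so the question changes when <security><all-permissions/></security> is present. The function names, the sample descriptors, the caller-supplied `signed` flag and the refusal wording for the unsigned case are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from any real application).
JNLP_ALL = """<jnlp spec="1.0+" codebase="https://example.invalid/app">
  <information><title>Demo</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources><jar href="demo.jar"/></resources>
  <application-desc main-class="demo.Main"/>
</jnlp>"""
JNLP_NONE = JNLP_ALL.replace("<security><all-permissions/></security>", "")


def requested_permissions(jnlp_text):
    """Return 'all' if the descriptor asks for all-permissions, else 'sandbox'."""
    # A descriptor needs no DTD; rejecting one avoids entity-expansion input.
    if "<!DOCTYPE" in jnlp_text or "<!ENTITY" in jnlp_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(jnlp_text)
    if root.tag != "jnlp":
        raise ValueError("not a JNLP descriptor")
    security = root.find("security")
    if security is not None and security.find("all-permissions") is not None:
        return "all"
    return "sandbox"


def dialog_for(jnlp_text, signed):
    """Pick (mode, prompt) so the question matches what would be granted.

    `signed` is supplied by the caller; signature verification is out of
    scope here. Declining full access to unsigned code is an assumed policy.
    """
    level = requested_permissions(jnlp_text)
    if level == "all" and signed:
        return ("full", "This application is requesting unrestricted access "
                        "to your computer. Do you want to grant this access?")
    if level == "all":
        return ("refuse", "This application requests unrestricted access but "
                          "is not signed. It will not be given that access.")
    return ("sandbox", "Do you want to run this application in the sandbox?")


if __name__ == "__main__":
    for name, text in (("all-permissions", JNLP_ALL), ("no security tag", JNLP_NONE)):
        for signed in (True, False):
            print(name, "signed" if signed else "unsigned", "->", dialog_for(text, signed))
```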