javaws CLI with Icedtea-web

Jiri Vanek jvanek at redhat.com
Mon Jun 30 16:07:36 UTC 2014


On 06/30/2014 05:23 PM, Jacob Wisor wrote:
> On 06/30/2014 04:39 PM, Chris Lee wrote:
>> Hi Jiri
>>
>> Thanks so much
>>
>> To explain as well, what I am trying to do is use a specific proxy server and port for a specific website.
>> I had thought that a link to the CLI might be the quickest if I can get it working. If there is an easier way to configure, then I am open to suggestions.
>
> Try using Java's network configuration properties like http.proxyHost, http.proxyPort, https.proxyHost, https.proxyPort, ftp.proxyHost, ftp.proxyPort, gopher.proxyHost, gopher.proxyPort, socksProxyHost, socksProxyPort with the -J-D switch. For more information have a look into
> <JRE_HOME>/lib/net.properties.
>
>>> 1.4.1 is outdated. If you need for some reason to stay with 1.4, please update to 1.4.2, however - please swap to 1.5. It was released a few months ago, is stable, and a lot of fixes were made here.
>>
>> This installation is for the ATLAS experiment at CERN. For security reasons, we are usually compelled to use what is available in the SLC repos, which unfortunately for me right now is 1.4.1
>
> If security is key to you, you probably shouldn't be using IcedTea-Web yet. Instead, resort to Oracle's Java Web Start implementation. This product is feature and specification complete, in contrast to IcedTea-Web. Java Web Start has most probably received far more security fixes and screening than IcedTea-Web. Personally, at the current stage of IcedTea-Web I would advise any enterprise or security-aware user not to use IcedTea-Web.

I would not say this.

AFAIK (IMHO :) ITW is more secure. The closed-source Oracle javaws has unknown bugs lurking in a hidden codebase. The only thing known about it is that it has a huge (really huge, maybe whole sun.com packages or similar) percentage of copy-pasted code from the JRE inside. Well, that means duplicated code, and that means incompatible and unfixable code.
All known security fixes for Oracle javaws and the plugin are to the JRE itself. So IcedTea-Web has them all (as it is using the JRE without copy-pasted code). In contrast, the copy-pasted parts of the closed plugin may not fit.

I would not even use "specification complete" - they have implemented the specification on their own, and are not able to discuss any misleading hunks of it. Even more: they are making some things which are not in the specification, or are making them differently. We then need to ask ourselves - do we need to do it as Oracle javaws does, or should we follow the specification?

From that point of view ITW may look specification-incomplete, or more lenient, but we actually have no choice. What we are trying to do (as opposed to Oracle) is to keep old applets and javaws apps running, not stop them with a really suspicious implementation of an even more suspicious (I would say made in a rush) specification.


No flame here, but I really must protest against ITW being insecure. If you want to point to this, please provide a hack (proof) first.

   J.


