Firefox 35.0 on Ubuntu 14.04.1 LTS 64-bit always prompted for

Jiri Vanek jvanek at redhat.com
Thu Jan 29 09:52:41 UTC 2015 

On 01/28/2015 08:45 PM, Ongun Arısev wrote:
> I could not attach the screen shot to the previous e-mail, I apologize for that here it is.
>
> Ongun Arısev
>
> On Wed, Jan 28, 2015 at 9:43 PM, Ongun Arısev <ongunarisev at gmail.com <mailto:ongunarisev at gmail.com>>
> wrote:
>
>     Greetings,
>
>     I would like to mark some of the Java applications I use regularly such as the campus VPN
>     services as trusted so that I will not be prompted everytime I launch it about whether I am sure
>     or not running the application. However, I could not find an easy way after doing an exhausting
>     search on the web and using the *IcedTea Web Control Panel* both as a regular user and as an
>     administrator. I am posting a screenshot too in order to illustrate the prompt that I want to
>     get rid of. I would be very grateful if someone can assist or guide me in the right direction
>     with this problem.
>
>     Regards,
>
>     Ongun Arısev
>
>
hi!

Luckily for you, there is multiple solutions for your case.

If you have access to the application (as it is in your vpn, some administrator should be able to 
fix it)  then you should apply the most correct solution:

Most correct solution: adapt application manifest to valid state:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html

In your case, the non-set/wrongly set attribute is 
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
Your admin just can put :

Application-Library-Allowable-Codebase: https://vpn.ku.edu.tr/*

to main jar's manifest. (note, the application must be signed again after this change)

If you will go by this way, you may wont to fill in most of the rest security manifest attributes




Other solution are customization of your itw via itweb settings:
If you put
Extended applet security -> security settings  to LOW then
Application-Library-Allowable-Codebase attribute is not checked. (you could read this in the 
provided links in yor dialogue ;)


If you need Extended applet security -> security settings  on higher level then low, you have to 
modify  ~/.config/icedtea-web/deployment.properties file. If you will include line
deployment.manifest.attributes.check=false
then  manifest attributes are not ever checked.


If you set this up, and will access outside of vpn, you may face mallicious programs.


I strongly encourages you to use "most correct solution"



If non of those solutions fits you, then good new for you is, that in upcoming version of ITW (1.6) 
  this dialogue have "remember decision" checkbox. But you must wait for few month for it.


J.

More information about the distro-pkg-dev mailing list