Documents describing approach/philosophy/architecture of future Java 7 Applet security improvements

Ludwig, Mark ludwig.mark at siemens.com
Thu Aug 1 06:24:54 PDT 2013


Greetings,

I represent a commercial software organization with numerous signed Java Applets deployed by hundreds of large IT organizations around the world.  Most are invoked by JavaScript.  I don't know exactly how many end users we have, but it's safe to say it's >10,000 and perhaps >100,000.  The application is for file management, so naturally the Applets are designed to work with users' directories/folders and files.

We have been mostly blind-sided by Java 7 Updates 21 & 25, and I fear that Update 40 will hit us again in some unexpected way.

We are trying to change our Applet architecture to align with the go-forward approach, but I can't seem to find any decent forward-looking information.  Somewhere, probably inside Oracle, such plans exist.  Are they secret?  If not, can they be shared?

To be clear, those of us who understand how Applets work in browsers (including JavaScript integration) have known about most of the security problems that have been fixed already.  What we need to know is the ordering/pacing of forthcoming security changes, so we have a chance of focusing our work to deploy patches to customers timed to align with the time when Oracle sends Java updates.

Thanks,

Mark Ludwig
Lifecycle Coll
Product Lifecycle Management

Siemens Industry Sector
Siemens Product Lifecycle Management Software Inc.
5939 Rice Creek Parkway
Shoreview, MN  55126 United States
Tel.      :+1 (651) 855-6140
Fax      :+1 (651) 855-6280
ludwig.mark at siemens.com
www.siemens.com/plm




More information about the jdk7u-dev mailing list