Integrating native Open GL code in JavaFX and alternatives

Richard Bair richard.bair at oracle.com
Fri Jan 25 14:12:10 PST 2013


On Jan 25, 2013, at 1:58 PM, Daniel Zwolenski <zonski at gmail.com> wrote:

> Regarding the security issue, is it worth considering the option that there are features in JavaFX that just aren't allowed in the web sandbox ever?


Absolutely.

I've written and removed a response here several times -- with security issues in the news as they are, I can't go into a detailed description of the security concerns. I can say that just about all the security exploits are ones where the attacker has circumvented the sandbox. I would be perfectly comfortable to say that this feature requires the app to be signed by a trusted authority (i.e., not self-signed and certainly not unsigned). We have no mechanism today for omitting a feature entirely for the web deploy case (everything here applies to both JNLP and applet use cases); all we have are mechanisms to disallow their usage. The mere presence of an API provides an enlarged attack surface, so even if we said "this can only be used by trusted apps", we're still in the position of having to be careful about the implementation to make sure that it is secure.

That is, we have to deal with the security aspects of exposing something this fundamental, regardless of whether we wish to allow access to this feature from untrusted apps or not, and that is extra work, not something that can be done quickly (unfortunately, attackers are quite clever and quite smart and it takes a lot of effort to thwart attempts at circumventing safeguards).

Richard

