getCodeBase broken locally in 7 update 25
Doug Stiring
d.stirling at massey.ac.nz
Tue Jul 2 22:51:37 UTC 2013
> From: Sandeep Konchady [mailto:sandeep.konchady-
QHcLZuEGTsvQT0dZR+AlfA at public.gmane.org] Sent: Wednesday,
June 19, 2013 7:40 PM To: Mickey SegalCc: Java SecuritySubject:
Re: getCodeBase broken locally in 7 update 25
>
> Hi Mickey,
>
> The issue you are seeing is intended behavior. This was caused because
of a vulnerability that was fixed in 7u25 in which which a getCodeBase call
against all local applet/jnlp apps will return null.
>
> Thanks,
> Sandeep
>
>
Hi,
Is there a way that works to read a PNG file in the "codebase" directory into
a Java Image, when the applet is locally installed?
I have tried a few alternatives to "getCodeBase()" such as
"getClass().getResource()" but all end up with a null URL.
If a locally installed applet can use nothing but its ".class" files, you might
as well forbid local applet.
Doug.
More information about the security-dev
mailing list