[icedtea-web] Idea - do not start ITW applets automatically
Adam Domurad
adomurad at redhat.com
Fri Nov 16 08:50:59 PST 2012
On 11/16/2012 03:30 AM, helpcrypto helpcrypto wrote:
> [..snip..] So, any Java Applet execution could require an additional
> "security control" before running, no matter signed or unsigned.
> Again, IMHO, the real problem is that users are not "skilled enough",
> and usually click without worrying, which makes the measure useless,
> and makes the user tend to ignore more warnings. (e.g.: Remember the
> annoying Vista User UAC?)

I don't think pop-up security controls are good here for exactly the
reasons you mention.

The idea is more for users who want to use a handful of applets but are
not interested in applets beyond that. I'm thinking there will be one
setting that has them on the page with the usual applet area, and a
'click to begin'. Another setting would disable non-opted-in applets
completely. This would be fairly good against an applet hidden on some
corner of a site trying to sneak in a sandbox breach - the user would
probably not even realize it was there (with it not being able to run
any code).

For signed applets I'm considering whether it'd be useful to have the
user click to start the applet as well; as you say, pop-up security
controls tend to be auto-accepted.

> I think "trust for domain" is a good alternative, as it will only
> appear "once" in the event the user allows it the first time. What about
> subdomains? Another thought: although my applet can import certs into
> the cacerts keystore (hence marking itself as trustworthy), IMHO it
> shouldn't be possible to add a domain as "trusted-to-run-applets" from
> an applet.

Good point. Per-domain is probably better here (although do note you
would get a mixed signed/unsigned code warning here).

Thanks for the continued interest in/discussion of ITW! It's really
appreciated.
-Adam