Java-Gaming.org    
Featured games (91)
games approved by the League of Dukes
Games in Showcase (576)
games submitted by our members
Games in WIP (498)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Browser security nags (or lack of them!)  (Read 2038 times)
0 Members and 1 Guest are viewing this topic.
Offline Abuse

JGO Coder


Medals: 10


falling into the abyss of reality


« Posted 2008-11-16 00:31:50 »

Attempt to launch an exe -> browser nags you.
Launch a jnlp -> Java plugin nags you if necessary & you havn't accepted the certificate.
unsigned Applet -> obviously sandboxed.
signed Applet -> Java nags you if you havn't accepted the certificate.
signed Jar file -> Java nags you if you havn't accepted the certificate.
unsigned Jar file -> no browser nag, no Java nag, not sandboxed?

Given that even moderately security literate people won't realize a .jar file is a security threat that should not be clicked on willy-nilly, this seems to me to be a little bit of a security hole? (obviously in the browser, not Java per-se)
Or have I simply managed to turn off the nag message somehow?

Make Elite IV:Dangerous happen! Pledge your backing at KICKSTARTER here! https://dl.dropbox.com/u/54785909/EliteIVsmaller.png
Offline princec

JGO Kernel


Medals: 282
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #1 - Posted 2008-11-16 03:13:24 »

Looks like a proper hole to me. Strange that no-one's noticed it before,.

Cas Smiley

Offline zammbi

JGO Coder


Medals: 4



« Reply #2 - Posted 2008-11-16 03:54:37 »

I had notice this also a while back and thinking the same thing. But I guess you rarely hear of any harmful jar files.

Current project - Rename and Sort
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Abuse

JGO Coder


Medals: 10


falling into the abyss of reality


« Reply #3 - Posted 2008-11-16 06:10:13 »

I had notice this also a while back and thinking the same thing. But I guess you rarely hear of any harmful jar files.

If that is indeed the case, it seems to beg the question as to what purpose the scary security warnings are serving in webstart =/ (except the obvious ill effect of scaring off some users)

Make Elite IV:Dangerous happen! Pledge your backing at KICKSTARTER here! https://dl.dropbox.com/u/54785909/EliteIVsmaller.png
Offline princec

JGO Kernel


Medals: 282
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #4 - Posted 2008-11-16 14:01:26 »

To be honest they serve no useful purpose at all. Any dodgy crim can get their code signed anyway.

Cas Smiley

Offline zammbi

JGO Coder


Medals: 4



« Reply #5 - Posted 2008-11-22 10:21:45 »

Seems chrome shows a message that that jar files can be harmful.

Current project - Rename and Sort
Offline hishadow

Senior Newbie





« Reply #6 - Posted 2008-11-23 06:42:45 »

In Firefox, the browser will ask if executing a jar. Maybe you have turned this on auto-accept at a previous time?
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

xsi3rr4x (16 views)
2014-04-15 18:08:23

BurntPizza (14 views)
2014-04-15 03:46:01

UprightPath (27 views)
2014-04-14 17:39:50

UprightPath (12 views)
2014-04-14 17:35:47

Porlus (29 views)
2014-04-14 15:48:38

tom_mai78101 (51 views)
2014-04-10 04:04:31

BurntPizza (110 views)
2014-04-08 23:06:04

tom_mai78101 (211 views)
2014-04-05 13:34:39

trollwarrior1 (179 views)
2014-04-04 12:06:45

CJLetsGame (185 views)
2014-04-01 02:16:10
List of Learning Resources
by Longarmx
2014-04-08 03:14:44

Good Examples
by matheus23
2014-04-05 13:51:37

Good Examples
by Grunnt
2014-04-03 15:48:46

Good Examples
by Grunnt
2014-04-03 15:48:37

Good Examples
by matheus23
2014-04-01 18:40:51

Good Examples
by matheus23
2014-04-01 18:40:34

Anonymous/Local/Inner class gotchas
by Roquen
2014-03-11 15:22:30

Anonymous/Local/Inner class gotchas
by Roquen
2014-03-11 15:05:20
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!