  article on Security Warning enhancements in 6u10-12  (Read 6327 times)
Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Posted 2009-03-12 16:16:32 »


This could be interesting for folks around here:
  http://java.sun.com/developer/technicalArticles/GUI/SecurityWarning/AppletWarning.html

The article discusses the evolution of the warning banner, and also explains the new API for specifying the location of the warning icon.

Dmitri
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #1 - Posted 2009-03-12 17:11:08 »

It still doesn't appear to be much use :( I think the whole thing needs rethinking a bit.

<edit>Also why is it that when I go to see demonstration code, not even Sun uses applets?? Can you even imagine a Flash site not showing its demos off as Flash applets?

Cas :)

Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #2 - Posted 2009-03-13 06:33:41 »

Good point about the demos. I'll pass it on.

Dmitri
Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #3 - Posted 2009-03-16 18:10:05 »

To clarify: the demo is there, but it's not an applet but a webstart-ed app. Is that what you meant?
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #4 - Posted 2009-03-16 19:20:16 »

Yeah. This stuff should be easily demonstrable in applets shouldn't it?

Cas :)

Offline SimonH
« Reply #5 - Posted 2009-03-16 19:45:55 »

I expected an applet too.

Edit: Hmmm - update 12...

People make games and games make people
Offline atomhamster

Senior Newbie





« Reply #6 - Posted 2009-03-16 22:07:29 »

it's funny they don't work on resolving those issues, but make them more appealing to the eye.
users still will be appalled by them, no matter how nice.
Offline Markus_Persson

JGO Wizard


Medals: 15
Projects: 19


Mojang Specifications


« Reply #7 - Posted 2009-03-18 08:21:34 »

And they SHOULD be, or it would be a huge security issue.
It's trivial to make an invisible applet pop up a window identical to, say, an msn messenger login dialog.

Play Minecraft!
Offline Mr. Gol

Senior Member


Medals: 1



« Reply #8 - Posted 2009-03-18 09:01:37 »

The warning icon in u12 is really much better, I can't imagine that someone would have problems with it.
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #9 - Posted 2009-03-18 10:44:26 »

> And they SHOULD be, or it would be a huge security issue.
> It's trivial to make an invisible applet pop up a window identical to, say, an msn messenger login dialog.

I suspect that the little warning triangle wouldn't stop the sorts of people dumb enough to fall for that from entering their ID and password anyway.
Perhaps that warning dialog just needs to be a whole lot friendlier looking - ie. assume applet is friendly.

Cas :)

Offline atomhamster

Senior Newbie





« Reply #10 - Posted 2009-03-19 16:41:42 »

> It's trivial to make an invisible applet pop up a window identical to, say, an msn messenger login dialog.

maybe java applets are not as wide spread, because you can't do that :)

or was that a joke?
if not:

sure, java could do that, but even html could look like msn messenger. what's the deal?

sun could go and warn people starting their browsers?
for a browser plugin, the sandbox should be anything in memory, a local cache (minimal or based on browser cache) and the web.
exclude system wide file access and other sensible system features and that's it.

essentially that would be about on par with flash (maybe not technically, but from user experience) and flash is also a common resident on your browser.
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #11 - Posted 2009-03-19 17:43:29 »

The other part is... you could still make a signed applet that did that, and people would still click yes on it. Some won't, but how are you to know whether the app's actually doing anything unsafe or not?

Cas :)

Offline Markus_Persson

JGO Wizard


Medals: 15
Projects: 19


Mojang Specifications


« Reply #12 - Posted 2009-03-20 09:42:54 »

Er, the point is that the signed applet acceptance dialog should CLEARLY point out who signed the applet, and the user should be able to trust this (because the certificate is, in turn, signed by a trusted root). If the source of the signature can't be located, this should also be CLEARLY pointed out to the user.

Then it's not an issue of "do I trust this random website", but "do I trust this company".

Allowing unsigned applets to pop up arbitrary new windows is a massive security issue. Not having the warning about sign origin be clear is also a massive security issue.

I want java to stay something people consider fairly safe to use. If a lot of phishing attempts start using java popups, it's going to start hitting the news, leading to IT managers removing java from the installations even more than now. And in the long run, it's going to lead to a lot of bad-will.
Just look at what happened to activex. It was a great technology, but the security wasn't there.

Play Minecraft!
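
The check Reply #12 asks the acceptance dialog to make visible (who signed, and whether the certificate chains to a trusted root) can be run against a JAR directly. This is an added example, not code from the thread or from Sun's plug-in; the class name `WhoSignedThis` and the output labels are made up, revocation checking is off, timestamps are ignored, and with no argument it inspects a tiny unsigned JAR it constructs itself.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;
import javax.net.ssl.*;
public class WhoSignedThis {
    // Trust anchors: roots from the JRE default store (assumes an X509TrustManager comes first).
    static Set<TrustAnchor> defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate c : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers())
            anchors.add(new TrustAnchor(c, null));
        return anchors;
    }
    // One line per signer: who signed, and does the chain reach a trusted root?
    static List<String> describe(Path jar, Set<TrustAnchor> anchors) throws Exception {
        Set<CodeSigner> signers = new LinkedHashSet<>();
        boolean gaps = false;
        try (JarFile jf = new JarFile(jar.toFile(), true)) {      // true = verify digests
            for (JarEntry e : Collections.list(jf.entries())) {
                // Simplification: signature files live under META-INF and are skipped.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jf.getInputStream(e)) {
                    in.readAllBytes();   // signers are known only after a full read;
                }                        // a tampered entry throws SecurityException here
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) gaps = true; else signers.addAll(Arrays.asList(cs));
            }
        }
        List<String> out = new ArrayList<>();
        if (signers.isEmpty()) { out.add("UNSIGNED: no verified signer"); return out; }
        if (gaps) out.add("WARNING: some entries are not covered by a signature");
        for (CodeSigner s : signers) {
            CertPath path = s.getSignerCertPath();
            String who = ((X509Certificate) path.getCertificates().get(0)).getSubjectX500Principal().getName();
            try {
                PKIXParameters p = new PKIXParameters(anchors);
                p.setRevocationEnabled(false);  // offline: no CRL/OCSP; validity checked as of now
                CertPathValidator.getInstance("PKIX").validate(path, p);
                out.add("SIGNED BY (chains to trusted root): " + who);
            } catch (GeneralSecurityException ex) {
                out.add("SIGNED BY (origin NOT verifiable): " + who);
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        Path jar = args.length > 0 ? Paths.get(args[0]) : Files.createTempFile("sample", ".jar");
        if (args.length == 0)   // constructed sample: a tiny unsigned JAR
            try (JarOutputStream jos = new JarOutputStream(Files.newOutputStream(jar))) {
                jos.putNextEntry(new JarEntry("Game.class"));
                jos.write(new byte[] {(byte) 0xCA, (byte) 0xFE});
            }
        describe(jar, defaultAnchors()).forEach(System.out::println);
    }
}
```

A self-signed JAR lands in the "origin NOT verifiable" branch, which is the case the post says must be clearly pointed out to the user.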
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #13 - Posted 2009-03-20 10:47:40 »

I think possibly a default setting of "show nothing if it's properly signed" would be best for the general population, and "show scary dialog" if it's not properly signed, and "prevent it running at all" if it's unsigned. At issue is the nature of the trust granted by signed code.

Consider:

Fancy match 3 game applet wants to access filesystem to scour credit card details or somesuch - crim signs it properly - users will click Yes, give me all permissions anyway, in order to get to the content. We can see here fairly clearly that signing has protected no-one: users click Yes when they want to see stuff. That's why they are happy to download and install things too - they want to see stuff. Unfortunately there's a proportion of paranoids that won't click Yes on anything - and doubly unfortunate because they are right to do so.

How can this be solved?

One thing I had thought of is that being signed by Sun would endorse something as safe, and require no verification dialog. We could, f'rexample, get LWJGL signed by Sun and that'd help our applets a lot. Or someone could write a sandbox filesystem implementation that allows free capped access to just a single safe directory effectively giving applets limited but significant safe storage. Etc. I dunno, but it's the only workable solution I could think of. Either that, or Sun become a CA and perform QA on applets to ensure they're not doing anything sneaky.

Cas :)

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #14 - Posted 2009-03-20 11:19:57 »

I also agree that a special golden certificate should be supported which does not show any dialog. This would make things like JavaFX and hardware accelerated applets (e.g. LWJGL, JOGL) a much better experience.
Offline Matzon

JGO Knight


Medals: 19
Projects: 1


I'm gonna wring your pants!


« Reply #15 - Posted 2009-03-20 11:35:00 »

not going to happen...
Not only can APIs like lwjgl go fullscreen - but it would also be impossible for sun to know whether the binaries are safe or not. even with a source drop, they would have to comb through the code and changes every time. snowball's chance in hell.

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #16 - Posted 2009-03-20 11:56:33 »

the thing with certificates is that they can be pulled/banned pretty fast, besides project owners can take responsibility right? like be contractually bound not to do anything wrong (criminal sanction?).

As for fullscreen you could have a system like Flash where pressing escape forces a fullscreen exit.
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #17 - Posted 2009-03-20 12:03:08 »

The question is how can Java be moved on at a satisfactory rate without having to rely on the glacial progress of JDK releases? Why indeed should users trust Sun any more or less than they trust anyone else? Some sort of endorsed extension deployment mechanism is what's needed here. Perhaps once an extension has been OK'ed once by a user it's automatically trusted from that point onwards? Perhaps code using extensions that have been OKed shouldn't bring up a dialog?

Cas :)

Offline Markus_Persson

JGO Wizard


Medals: 15
Projects: 19


Mojang Specifications


« Reply #18 - Posted 2009-03-20 12:23:46 »

> Perhaps once an extension has been OK'ed once by a user it's automatically trusted from that point onwards?

Isn't that the way it works now?

Play Minecraft!
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #19 - Posted 2009-03-20 13:10:23 »

I don't think so... I think each individual certificate needs to be accepted (and there's an option for accepting a cert. in perpetuity).

What I was thinking was more along the lines of... Imagine Java as just the core plugin at the centre of an ecosystem of other plugin functionality. Such ecosystem might contain JavaFX, LWJGL, JOGL, JUnity, JFlash (hehe), etc. Rather like when you go to visit a website that requires a plugin you don't have, you're prompted about installing it (usually with some degree of hassle) - except in this case, the root of it all is Java, and it's easy to install as a result. So these plugins are to all intents and purposes to be treated just like their "native" equivalents: that is, a user trusts the plugin, not Java itself, to maintain security. This is already the situation to some extent. What it means is that the onus of trust is on the plugin vendors, not Java, to keep themselves secure. For users, it means accepting a one-time installation of a little extension in their JVM but no further dialogs.

You'd still want to have the standard JDK enforce its standard security wrt. windows and so on as that's built in to Java through and through. If a user wants to use an applet with an SWT plugin then it's up to SWT to put up their own warning triangles.

To be honest though it should be down to the operating system to enforce security and sandboxing at this point. Vista does it ok.

It's kinda like totally cross platform ActiveX with the attendant security worries I suppose, but the added benefits that certain things will become possible without any true security risk. It's worth pointing out that the sorts of supremely dodgy "screen copying" applet behaviour and "identical to MSN Messenger login" behaviour applets are going to be found only on the sorts of sites where a fool and his money deserve to be parted. No-one with legitimate aim would host such an application.

Cas :)

Offline VeaR

Junior Member





« Reply #20 - Posted 2009-03-20 23:25:25 »

Some ideas:

Instead of the panicky "Security Warning", it would be much better if it read something like "Your approval is needed". My virus checker/firewall is giving me "Security Warning"-s, the least what i want is some applet to show me a window with similar text to what a virus checker is showing. The message should be positive.

There is a slight difference when the browser reports that it needs to download and install a plugin to run the web-page, than the page trying to install something "by itself" and showing some scary "security warning". Maybe tighter integration of applet/webstart system with the browser would help this issue. The browser could manage the installed libs and cached applets/webstart apps. So Java would not show the security dialog, but the browser would. It's the matter of making an API and writing browser-specific plugins.
Offline SimonH
« Reply #21 - Posted 2009-03-21 01:48:06 »

> it would be much better if it read something like "Your approval is needed".

+1
Better still a solid codebase (like flash, shockwave &c) which you download from a trusted source (sun.com) & which has all the bits needed for games. Sun has focussed (understandably I suppose) on their core J2EE market and didn't see how J2SE could have pissed all over flash if they'd wanted it to...

People make games and games make people
Offline atomhamster

Senior Newbie





« Reply #22 - Posted 2009-03-31 12:11:38 »

another late reply. i'm the frankenstein of reviving threads :)

well, i care about the basic security, of course. i don't want any applet to have full access to my files, e.g.
but: i don't like the warnings for simple things like web access and hardware graphics.

the problem is: i don't trust anyone. signed or not. if the origin is known, that's nice, but i don't see any really trustworthy sources around here! i mean: it's not like WWF, BP, Siemens or some other big organisations are offering applets. instead, the one-man-show applets you see around are not becoming more trustworthy just because someone says "yep, that's them". i don't really know who that is.
and the big players don't use applets anyways, cause there have to be warnings for nothing.

i would propose an options panel for applets to allow certain things and disallow others. like javascript for firefox. anything that i didn't allow is either turned off, or raises a warning. the default setting should be comparable to flash and it should be clear, that an applet never allows file or registry access or anything like that. anything else is not the concern of sun, i would say.


otherwise i think all web-based java is going down the drains.

i even dislike jnlp now, cause you get the app installed and must be a java geek to find and uninstall it. that's not professional, i think. and that system is slow once more. but that's another topic.
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #23 - Posted 2009-03-31 13:59:01 »

So would you download an .exe installer then and run that instead?

Cas :)

Offline sunsett

Senior Member




ribbit!


« Reply #24 - Posted 2009-03-31 14:12:27 »

That's what ticks me off....people constantly download and run installers for applications, but the minute they see that Java warning it sets off sirens in their heads that keep them from accepting.  It's a double-standard, and it's one that Sun created by the "different" way they alert users of the security risk....people get used to the "You're opening a file you downloaded off the internet, it probably has a virus and you'll all die" and then clicking, "Sounds like fun", but when they get a similar but different prompt from Java they think, "Haxors are attacking my compy!" and they unplug the cord and hide under their bed....okay, so maybe that's just my brother that does that, but still, I think the point is valid...unfortunately I don't know a good solution apart from making all the browsers alert the same way they do for installers and other arbitrary EXEs.
Offline atomhamster

Senior Newbie





« Reply #25 - Posted 2009-04-01 08:23:16 »

ok, that is a point, but i'll grant this only for jnlp.

in case of applets especially, the .exe i installed is the java runtime! after that, it should work seamless! see points above.
the jnlp is sort of .exe downloading and installing. a warning or notice is fine then.

Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #26 - Posted 2009-06-05 19:43:27 »

Update: As per the desire some gentlemen expressed in this thread, the article has been updated to use Applet instead of webstart app for a demo:
  http://java.sun.com/developer/technicalArticles/GUI/SecurityWarning/AppletWarning.html
Online Riven
« League of Dukes »

JGO Overlord


Medals: 799
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #27 - Posted 2009-06-06 08:04:23 »

All good intentions aside, I don't see how letting the programmer specify the icon position makes things better.

You can just shift the icon into your own GUI, and put it in front of a Label which has some fake 'alert message', like:


[ALERT] Be sure to get our latest update!


Nobody would hover over that icon anymore. It wouldn't stick out.
Indeed it is less intrusive, but this undermines the security warning/notification.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline princec

JGO Kernel


Medals: 379
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #28 - Posted 2009-06-06 08:18:44 »

Suspect I could easily DoS a machine too.
for (;;) { JFrame frame = new JFrame("Haha"); frame.setBounds(0,0,width,height); frame.setVisible(true); }

Blam! Could even pop in a few tweaks in there too like preventing OOMEs to make it even more cunning. I think windows should simply be banned from unsigned applets. That'd force people to think more Flash-like.

Cas :)

Offline trembovetski

Senior Member




If only I knew what I'm talking about!


« Reply #29 - Posted 2009-06-07 01:52:39 »

> Suspect I could easily DoS a machine too.
> for (;;) { JFrame frame = new JFrame("Haha"); frame.setBounds(0,0,width,height); frame.setVisible(true); }
>
> Blam! Could even pop in a few tweaks in there too like preventing OOMEs to make it even more cunning. I think windows should simply be banned from unsigned applets. That'd force people to think more Flash-like.
>
> Cas :)

FYI, you could do this even w/o windows, by just creating tons of threads. So, should we ban threads from applets? What if you run just a few threads, but with busy spinning loops (take all your cpus to 100%)? It's nearly impossible to prevent DoS types of attacks, but they aren't considered that dangerous, your information isn't getting stolen.