feedback requested: security warning text (Read 11116 times)
Offline Riven
« Reply #30 - Posted 2009-04-18 23:36:42 »

Huh i see the warning icon on XP.

But maybe we should think about an option to close a undecorated && untrusted applet by clicking on the warning sign Wink (or something similar)

[edit] added screenshot

The point is, that yes, there is a warning sign, but... is it effective... like... at all?




Oh come on... I could have taken a screenshot at higher resolution, and that 'alert dialog' doesn't have to be there anyway. Because most would have entered their password before.



Flash handles this with an overlay with a warning, which disappears after 2 seconds.

Offline Riven
« Reply #31 - Posted 2009-04-18 23:39:39 »

[forum created duplicate posting]

Offline princec
« Reply #32 - Posted 2009-04-19 00:03:23 »

I think the yellow triangle seems to work fine, so long as it's always visible. I'm not sure why applets should even be allowed to open windows though, to be honest. They're supposed to be embedded in web pages. In fact I think they shouldn't be allowed, unless they're signed.

(What's to stop me signing my fake login applet, and the user clicks yes to see what the content is they're missing, which can then launch another process quietly in the background which at some random point makes the fake login screen when no-one thinks the applet is even running any more? In fact, given that I can do that... what security do we actually have? None at all really.)

Cas Smiley

Offline zammbi
« Reply #33 - Posted 2009-04-19 02:42:40 »

A little off topic but would be nice if you make JavaFX videos not pop up a security window... would be nice Roll Eyes

Offline Matzon
« Reply #34 - Posted 2009-04-19 06:45:03 »

Quote
I think the yellow triangle seems to work fine, so long as it's always visible. I'm not sure why applets should even be allowed to open windows though, to be honest. They're supposed to be embedded in web pages. In fact I think they shouldn't be allowed, unless they're signed.

We use unsigned applets for our game rooms that open up an applet window when people click on a table. We also have a solution that uses tabs to avoid this - but the windowed solution is better because it lets you chat both in the room and at the table at the same time.

The fact that you can open a window is not the problem. You could create the applet in an html popup and *some* people would still think it was a login screen. People ARE stupid and we can't save all of them...

Offline h3ckboy

« Reply #35 - Posted 2009-04-19 13:30:30 »


sure it is, as long as no1 notices the "java applet" tag at the bottom lol
Offline Markus_Persson

« Reply #36 - Posted 2009-04-20 11:49:43 »

Why are applets able to pop up windows at all? Just browsing to a page should not pop up any non-browser windows.
(Hell, it shouldn't pop up any BROWSER windows either..)

For webstart, the little triangle warning (with the border) is fine, imo.

Offline trembovetski
« Reply #37 - Posted 2009-04-20 15:38:11 »

Quote
A little off topic but would be nice if you make JavaFX videos not pop up a security window... would be nice Roll Eyes

Being worked on.
Offline trembovetski

« Reply #38 - Posted 2009-04-20 15:40:33 »

Quote
The fact that you can open a window is not the problem. You could create the applet in an html popup and *some* people would still think it was a login screen. People ARE stupid and we can't save all of them...

That's poor excuse for not trying =) "hey, look at those people drowning.. too bad we can't save all of them, so let's not even try"..
Offline trembovetski

« Reply #39 - Posted 2009-04-20 15:44:22 »

Quote
(What's to stop me signing my fake login applet, and the user clicks yes to see what the content is they're missing, which can then launch another process quietly in the background which at some random point makes the fake login screen when no-one thinks the applet is even running any more? In fact, given that I can do that... what security do we actually have? None at all really.)

Cas Smiley

If you have convinced the user to accept your signed applet, game over, you own the machine. You can run native code, after all.

Which I think is a problem (mentioned several times) - we don't have a granularity when it comes to security - either almost nothing, or everything.

Offline Riven
« Reply #40 - Posted 2009-04-20 15:47:23 »

Quote
That's poor excuse for not trying =) "hey, look at those people drowning.. too bad we can't save all of them, so let's not even try"..


But will a 'be cautious, untrusted waters' sign really help?








People are stupid.

Offline trembovetski
« Reply #41 - Posted 2009-04-20 15:50:32 »


Quote
But maybe we should think about an option to close a undecorated && untrusted applet by clicking on the warning sign Wink (or something similar)


I'm being told that closing window by clicking the warning sign is being considered for inclusion at later date.

Dmitri
Offline trembovetski

« Reply #42 - Posted 2009-04-20 15:57:47 »

Quote
But will a 'be cautious, untrusted waters' sign really help?

People are stupid.

Like I said, it may not help everybody, but history shows that the warning window does work (even  if only by discouraging people from using applets =) )
Offline zammbi

« Reply #43 - Posted 2009-04-20 16:10:01 »

Quote
Being worked on.

Great if that happens, then JavaFX can really compete against Flash.

Quote
I'm being told that closing window by clicking the warning sign is being considered for inclusion at later date.

Ah good. That should help escaping any unfriendly full screen app.
Another suggestion for escaping full screen is having an esc option.

Offline trembovetski
« Reply #44 - Posted 2009-04-20 17:01:52 »

Quote
Great if that happens, then JavaFX can really compete against Flash.
Ah good. That should help escaping any unfriendly full screen app.
Another suggestion for escaping full screen is having a esc option.

This is what will be done in FX - ESC closes FS window unconditionally.
Offline Matzon

« Reply #45 - Posted 2009-04-20 18:23:17 »

Quote
That's poor excuse for not trying =) "hey, look at those people drowning.. too bad we can't save all of them, so let's not even try"..

Tongue
What I am saying is that there is a fine line between protecting the users of Java and helping the producers of content.

Since an applet is already sand boxed it cannot do harmful things. Why do we then need to add all sorts of visual warnings?
Whatever you can do with an applet, can be done by either flash or plain html - and if not, then limit applets. Don't add a forest of signs and warnings to scare away users.
Make sand boxed applications safe for the users (at least as safe as "the others") and remove *all* warnings.

However, signed applets is another deal, and I understand the need for the large warning signs. That said, you could re-introduce (why did it stop working? - did it?) the policy files to make the user aware what is being requested permission wise.

Offline Markus_Persson

« Reply #46 - Posted 2009-04-21 07:41:37 »

Quote
Make sand boxed applications safe for the users (at least as safe as "the others") and remove *all* warnings.

Agreed.

But pop-up windows without special "THIS IS JAVA"-frames are not safe, as they can trick the user into thinking it's ANY other program..
"Wait, my Windows Live Messenger wants me to log in again? Ok then.."
"Wait, I thought I had already logged in to gmail? Ok then.."
"Wait, I thought I had already entered the launch codes for the nuclear bombs? Ok then.."

Pop up windows are evil as f**k.

Since a simple link can launch webstart from any site, and webstart can pop up windows without asking the user, those windows need to be CLEARLY labeled as unsafe. Absolutely, definitely, no question about it.
Hell, webstart apps don't even have to pop up a window at all, they can just run in the background for as long as the computer is running. Combine this with some scripting and networking, and you've got a free distributed computer trapping people who are stupid enough to click links on the interwebs.

Offline Riven
« Reply #47 - Posted 2009-04-21 10:22:21 »

Why not do this:
 - totally block undecorated Frames => frame.setUndecorated(true) has no effect
 - suppress the length of the Frame title visually, frame.getTitle() must return the full title
 - append " - Java Applet Window" in the frame title.

Offline DzzD
« Reply #48 - Posted 2009-04-21 10:46:24 »

I think that the explanation text must mention Java as well as Browser because browser is more known by enduser

"Java Applet Window" => most user won't understand what it is

"Internet Explorer - Java Applet Window" or "Browser Java Window" => people will understand they are on the web

probably the best way is to do using browser rules :
- modified title
- no undecorated or a translucent message over the whole window that user have to click before activating and focusing the window (like the press esc to close window of flash video)


Quote
This is what will be done in FX - ESC closes FS window unconditionally.

>> probably already the case but, plz, think to add a Hook/Event as in IE the onbeforeunload event to help developer to know when the window is being closed

Offline Orangy Tang

« Reply #49 - Posted 2009-04-21 14:01:31 »

Quote
Why not do this:
 - totally block undecorated Frames => frame.setUndecorated(true) has no effect
 - suppress the length of the Frame title visually, frame.getTitle() must return the full title
 - append " - Java Applet Window" in the frame title.

I have to agree that this would be a much better way to go - frankly I find the current implementation with the floating warning icon is hideous. Not only does it look sloppy and unprofessional it's entirely unexpected behaviour. Good user interface design means using common patterns and metaphors - buttons look like buttons, links and urls follow certain conventions, grabbable areas like scrollbars have textured surfaces, etc. etc.

The floating warning icon has absolutely no existing analog. No app that I can think of floats icons or other images outside of their window. To a user it looks weird, alien and out of place. And things that look weird and alien get dismissed as bugs or worse (the first time I saw it, I thought I'd caught some weird virus). With the ability to change the position of the icon Sun will make things even more inconsistent and worrying for users.

We already have a solution that doesn't involve introducing strange new UI ideas - use the window title bar. Firefox displays "Javagaming.org - Recent Posts - Mozilla Firefox", handily combining user data (domain and page title) with its own application identifier. Every app I've got open now follows this simple convention and users already know and understand it.

It really does baffle me how Sun manages to get these fundamental issues so very, very wrong. Angry

Offline kappa
« Reply #50 - Posted 2009-04-21 14:38:00 »

I'd have to agree with the above posts, Java 7 is a great chance to get applets right, better to tackle the fundamental issue head on by sacrificing some backward compatibility rather than going the heroic route of finding some workable workaround. It'd be better in the long term.

if you want popping applet windows, applet should be signed.
Offline zammbi

« Reply #51 - Posted 2009-04-21 14:41:11 »

Quote
Why not do this:
 - totally block undecorated Frames => frame.setUndecorated(true) has no effect
 - suppress the length of the Frame title visually, frame.getTitle() must return the full title
 - append " - Java Applet Window" in the frame title.

If unsigned applets are going to open windows then this sounds fine.

You might want to look into how air does their warning messages: http://www.adobe.com/products/air/showcase/#section-1

Basically air looks like webstart but nicer looking and smoother. As you can see they have no warning icon outside their window Roll Eyes
Would also be nice if webstart had the installer window they use, able to pick where to install the app.
Edit:
Why doesn't Java have a nice market place?

Offline trembovetski
« Reply #52 - Posted 2009-04-22 18:10:31 »

Quote

Basically air looks like webstart but nicer looking and smoother. As you can see they have no warning icon outside their window Roll Eyes


Well, that's because their apps are signed. Signed java apps don't have the icon either.

I went to install the Mini clock, and the experience wasn't all that pleasant or different from a typical webstart app install.

(BTW, the clock widget proceeded to use about 10% of the cpu while running, and took around 80M of resident memory, so hey, maybe JavaFX isn't that bad =) Their warm startup time is much better though)

(Edited: well, the Mini Clock re-starts in 4 seconds, which isn't all that great. The Nickelodeon app is almost instant though)
Offline sunsett

« Reply #53 - Posted 2009-04-22 18:52:16 »

This is one of my main frustrations with JavaFX is you have to bite off the core of 3meg just to start up and everything you add on top is just extra weight.  Though 3meg is pretty small for an application, to require that to launch an applet seems VERY heavy. Even on broadband it can add valuable seconds to load-time.
Offline trembovetski

« Reply #54 - Posted 2009-04-22 19:47:36 »

Quote
This is one of my main frustrations with JavaFX is you have to bite off the core of 3meg just to start up and everything you add on top is just extra weight.  Though 3meg is pretty small for an application, to require that to launch an applet seems VERY heavy. Even on broadband it can add valuable seconds to load-time.

Well, the thing here is that javafx runtime is pre-installed with 6uN updates, so in theory for many users they only pay the price of the application.
For Macs yes, one would have to pay the price for the runtime download. The unfortunate thing is that because of the bugs in webstart it has to eagerly download some parts of the runtime which may not even be used.

But we digress from the topic.
Offline Orangy Tang

« Reply #55 - Posted 2009-04-22 20:19:54 »

Quote
But we digress from the topic.

So no comment on why Sun introduced an entirely alien and unfamiliar UI concept when an existing one was already in common usage?

Offline trembovetski
« Reply #56 - Posted 2009-04-22 20:33:04 »

Quote
So no comment on why Sun introduced an entirely alien and unfamiliar UI concept when an existing one was already in common usage?

Because of our evilness, of course, we're out to harm the developers.

I don't think it was thought of "alien or unfamiliar". All we were trying to do is to get rid of the ugly java applet warning window (requested MANY times by the developers).

Apple has done it in a nice way, but because of technical limitations on windows (and other platforms, which give out more control to the user for window themes and such) it couldn't be done the same way, so we decided on an icon (after consulting with UE team, btw).

You can't put it inside the client window because it'll obscure the client content, so the logical choice is to put it outside. I myself think that it is associated well enough with the window it is attached to - you drag it, it is dragged, etc.

Also, where else would you put a warning for a translucent, shaped, or undecorated window?
Offline Riven
« Reply #57 - Posted 2009-04-22 21:08:40 »

Quote
Also, where else would you put a warning for a translucent, shaped, or undecorated window?

Do not allow such behaviour on untrusted applications. Don't throw exception, just make it a no-op when the attempt is made.

Quote
Why not do this:
 - totally block undecorated Frames => frame.setUndecorated(true) has no effect
 - suppress the length of the Frame title visually, frame.getTitle() must return the full title
 - append " - Java Applet Window" in the frame title.

What's so bad about this solution? It seems so obvious.

Offline zammbi
« Reply #58 - Posted 2009-04-23 00:10:34 »

Quote
Well, that's because their apps are signed. Signed java apps don't have the icon either.
Some apps are not signed. I'm not sure what limitations they have.... But couldn't find any on my basic test.

Offline CommanderKeith
« Reply #59 - Posted 2009-04-23 02:18:16 »

Quote
Do not allow such behaviour on untrusted applications. Don't throw exception, just make it a no-op when the attempt is made.

What's so bad about this solution? It seems so obvious.

Yeah, now I agree that this would be better than the current warning sign. Like OrangyTang said, users are familiar with it.

Also, like was said before, applets shouldn't really need to pop up windows except for functional things like popping a file-open dialog which will always have a title bar (and won't be undecorated or translucent).
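
The rules Riven proposes in replies #47 and #57 (setUndecorated as a silent no-op, a visually shortened title, a fixed " - Java Applet Window" suffix, getTitle() still returning the full title), sketched as an added Java example; it is not code from the thread or from the JDK. The class name `SandboxedFrame`, its `trusted` flag, the 40-character cap and the sample title are assumptions, and the translucent and shaped cases use the Java 7+ `setOpacity`/`setShape` methods, which goes slightly beyond the three listed rules.

```java
import java.awt.Frame;
import java.awt.GraphicsEnvironment;
import java.awt.Shape;

/** Hypothetical Frame that applies the thread's proposed rules when untrusted. */
public class SandboxedFrame extends Frame {
    static final String SUFFIX = " - Java Applet Window"; // wording from the thread
    static final int MAX_APP_CHARS = 40;                  // assumed cap, not from the thread

    private final boolean trusted;  // assumption: caller decides trust; real AWT would decide itself
    private String fullTitle = "";

    public SandboxedFrame(String title, boolean trusted) {
        this.trusted = trusted;
        setTitle(title);
    }

    /** Title-bar text: application part cut short so the suffix is never pushed out of view. */
    static String visibleTitle(String appTitle) {
        String t = (appTitle == null) ? "" : appTitle.replaceAll("\\p{Cntrl}", " ").trim();
        if (t.length() > MAX_APP_CHARS) {
            t = t.substring(0, MAX_APP_CHARS - 3) + "...";
        }
        return t + SUFFIX;
    }

    @Override public void setTitle(String title) {
        fullTitle = (title == null) ? "" : title;
        super.setTitle(trusted ? fullTitle : visibleTitle(fullTitle));
    }

    /** The application still reads back exactly what it set. */
    @Override public String getTitle() { return fullTitle; }

    @Override public void addNotify() {
        super.addNotify();
        // Precaution: the native peer may query getTitle() while it is created,
        // so push the labelled title to it again once it exists.
        super.setTitle(trusted ? fullTitle : visibleTitle(fullTitle));
    }

    // Untrusted callers get a no-op, not an exception: the frame stays decorated,
    // opaque and rectangular, so the title bar is always there to carry the label.
    @Override public void setUndecorated(boolean undecorated) {
        if (trusted) super.setUndecorated(undecorated);
    }
    @Override public void setOpacity(float opacity) {
        if (trusted) super.setOpacity(opacity);
    }
    @Override public void setShape(Shape shape) {
        if (trusted) super.setShape(shape);
    }

    public static void main(String[] args) {
        // Constructed sample title, longer than the cap.
        String longTitle = "Tournament lobby: table 12, eight players, chat enabled, ranked";
        System.out.println(visibleTitle(longTitle));
        if (!GraphicsEnvironment.isHeadless()) {
            SandboxedFrame f = new SandboxedFrame(longTitle, false);
            f.setUndecorated(true);                       // ignored for untrusted code
            System.out.println("undecorated=" + f.isUndecorated());
            System.out.println("getTitle()=" + f.getTitle());
        }
    }
}
```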
