Java 8 sockets

[ddyer]

Heads up for all sites which use java and sockets - java 8 seems to have broken
using sockets in sandboxed applets.  This is currently seen in java web start,
but presumably will migrate to ordinary applets when the java plug-in is upgraded
to java 8.

The complaint is java.security.AccessControlException

this is a new complaint in java 8 - your current working site will break.

[delt0r]

People still use applets? And Web start?

End users need not know your using java. Otherwise your doing it wrong. My 2c anyway.

[CodeHead]

People still use applets? And Web start?

End users need not know your using java. Otherwise your doing it wrong. My 2c anyway.

Corporations still use applets and Web Start. While such a warning may not seem that relevant to most JGO game developers, it's useful for those of us who utilize Java in an enterprise environment.

Games published by our own members! Check 'em out!

[AirTime]

People still use applets? And Web start?

End users need not know your using java. Otherwise your doing it wrong. My 2c anyway.

I'm with you, I'm just concerned about the Applets/Web Starts that have already been made. If the client (you and me) update our Java to Java 8, and the author does not update his program, the client would not be able to run the program. That could cause some bad things to happen.

[ddyer]

People still use applets? And Web start?

End users need not know your using java. Otherwise your doing it wrong. My 2c anyway.

It's true that Oracle seems to be trying to kill it by the death of 1000 cuts.  Meantime, the news is that the java plugin
that uses java 8 has appeared, so applets as well as web start are now broken.

[delt0r]

C++, C, C#, python, Lua etc don't have applets and web start. They are not dying any more than java is.

Yea i did a lot of enterprise stuff a way back. We typically have good control over expected configuration of the clients. Even back then we dropped applets for our own local client. Sometimes a web page is not the best tool for the job.

[ddyer]

I have a fairly definitive answer on this.  Buried in the "enhancements" section of the java 8 documentation.
http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html

      "For sandbox RIAs, SocketPermissions for the origin host is no longer granted. Calls from JavaScript code to the
      RIA are not granted SocketPermissions beginning with JDK 8."

I Leave it to the reader to decide in what universe this is an enhancement.

So it appears that Oracle has decreed that sandboxed applets can't use sockets; they have to become all-permissions
applets, which have unrestricted access to the client's machine.  It mystifies me how requiring users to trust applets with
unrestricted access will enhance security.

[Riven]

 It mystifies me how requiring users to trust applets with unrestricted access will enhance security.

By killing it off. It's one of the most effective measures.