why do i love unsigned applets (much) more?

i love unsigned applets and java web start programs, because they are innocent. that's the way of java -- when people don't claim how innocent they are, they are truly innocent. they won't do anything harmful to your system. if they do want to access your file system or any other sensitive part, they will let you control everything. they are safe.

on the other hand, signed applets are always evil; that's the attitude of trust-me-wholly-or-not. (which reminds me of the windows ActiveX controls.) if you accept the signer's credit, then the applet can just do anything on your system. the current JRE honestly shows a dialog box indicating this. every time i need to press the "i accept" button, i pray that it really is a nice player, and that the programmer behind it has not intentionally or unintentionally added any evil code inside. i know there are ways to deal with this with usePolicy or so, but they need client-side config. it's acceptable inside an enterprise, but surely useless for those of us out in the public who want to protect ourselves from unknown sites.



so, why can't it act at some point in between? inside the signed jar, somewhere in the meta directory, we could just put a file app.policy in which we specify a list of Permissions that we want to explicitly grant to the code inside. then, instead of "this application will be run without the security restrictions normally provided by Java", it can show something like "this application will have access to part of your file system and the network". a button labeled "more" will show the permissions.toFriendlyString() in more detail. once this file is placed in the jar, the plugin security manager will enforce the permissions as described. this way, i'll be more comfortable running them.

will this be a new feature in dolphin?
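
A sketch of the in-between model proposed above, as an added example that is not part of the original post and not an existing JRE feature. The app.policy entry format, the sample paths, the documentation-range address and the "friendly" lines are assumptions. It models only the permission-set check with the real java.security classes (Java 14+ for the switch syntax), not enforcement by the plugin.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class AppPolicyDemo {
    // Constructed sample of the proposed META-INF/app.policy (hypothetical format),
    // borrowing the entry syntax of standard Java policy files.
    static final String APP_POLICY =
        "permission java.io.FilePermission \"/home/user/photos/-\", \"read\";\n" +
        "permission java.net.SocketPermission \"203.0.113.10:443\", \"connect\";\n";

    static final Pattern ENTRY = Pattern.compile(
        "^permission\\s+(\\S+)\\s+\"([^\"]+)\",\\s*\"([^\"]+)\";$");

    // Builds the granted set and the lines a "more" button could show.
    // Anything that is not a recognised, narrow permission type fails closed.
    static Permissions parse(String policy, List<String> friendly) {
        Permissions granted = new Permissions();
        for (String line : policy.split("\n")) {
            Matcher m = ENTRY.matcher(line.trim());
            if (!m.matches()) throw new SecurityException("unparseable entry: " + line);
            String type = m.group(1), target = m.group(2), actions = m.group(3);
            switch (type) {
                case "java.io.FilePermission" -> granted.add(new FilePermission(target, actions));
                case "java.net.SocketPermission" -> granted.add(new SocketPermission(target, actions));
                default -> throw new SecurityException("type not allowed: " + type);
            }
            String kind = type.endsWith("FilePermission") ? "files" : "network";
            friendly.add(kind + ": " + actions + " " + target);
        }
        return granted;
    }

    public static void main(String[] args) {
        List<String> friendly = new ArrayList<>();
        Permissions granted = parse(APP_POLICY, friendly);
        friendly.forEach(System.out::println);
        Permission[] requests = {
            new FilePermission("/home/user/photos/2014/a.jpg", "read"),  // inside the grant
            new FilePermission("/home/user/.ssh/id_rsa", "read"),        // outside the grant
            new SocketPermission("203.0.113.10:443", "connect"),         // declared endpoint
            new AllPermission() };                  // what a fully trusted signed applet gets
        for (Permission p : requests)
            System.out.println((granted.implies(p) ? "ALLOW " : "DENY  ") + p);
    }
}
```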
