Vista/Java security test - applets/jws

Discussion in 'Java' started by Andrew Thompson, Jul 12, 2007.

  1. Bugs reported* against Java under the new Vista/IE
    security model affect signed applets, and also
    trusted JWS applications.

    <http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6548078>
    <http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6504236>

    The basic gist is that Vista imposes a more
    restrictive security environment (particularly
    to do with file access) than the original
    trusted app. would receive.

    It had earlier been noted that some JWS/browser
    interaction problems can be sorted by 'disconnecting'
    the launch from the browser and any security model
    it might impose, so that led me to wonder if a new
    ability of the JNLP API's BasicService in Java 6 might
    help here.

    The BasicService.showDocument(URL) method will
    normally show the URL in the user's default browser,
    but Java 6+ will hand an URL for a JNLP file
    directly to javaws.

    So I have a test..
    Here is an unsigned web start application that
    should not be affected by the bug.
    <http://www.physci.org/jws/jwsapp.jnlp>
    It is intended to display details of launch files,
    and also offer to launch them - so it is running as
    Java 6+.

    Here is a *signed* web start app. that requests
    full permissions, if launched from IE, it should
    trigger the bug..
    <http://www.physci.org/giffer/giffer.jnlp>

    However, if my theory is correct (I don't have
    access to machines running Vista), the first app.,
    the launcher, should be able to launch the second
    app., the Gif encoder**, just fine.

    ** Or it's 'big brother' listed below it..
    <http://www.physci.org/giffer/giffer0512.jnlp>

    Can anyone with Vista tell me if it works to
    get around this bug, by launching trusted JWS
    apps. directly from a sandoxed JWS app.?

    --
    Andrew Thompson
    http://www.athompson.info/andrew/

    Message posted via JavaKB.com
    http://www.javakb.com/Uwe/Forums.aspx/java-general/200707/1
    Andrew Thompson, Jul 12, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BdS
    Replies:
    0
    Views:
    358
  2. Andrew Thompson

    JWS/JOGL test..

    Andrew Thompson, Oct 14, 2005, in forum: Java
    Replies:
    21
    Views:
    1,100
    Andrew Thompson
    Oct 15, 2005
  3. Replies:
    3
    Views:
    526
    Andrew Thompson
    Aug 22, 2006
  4. Replies:
    9
    Views:
    674
  5. Andrew Thompson

    Ann: JaNeLA Launch - JWS test tool

    Andrew Thompson, Feb 16, 2009, in forum: Java
    Replies:
    0
    Views:
    308
    Andrew Thompson
    Feb 16, 2009
Loading...

Share This Page