Vista/Java security test - applets/jws


Andrew Thompson

Bugs reported* against Java under the new Vista/IE
security model affect signed applets, and also
trusted JWS applications.


The basic gist is that Vista imposes a more
restrictive security environment (particularly
to do with file access) than the original
trusted app. would receive.

It had earlier been noted that some JWS/browser
interaction problems can be sorted by 'disconnecting'
the launch from the browser and any security model
it might impose, so that led me to wonder if a new
ability of the JNLP API's BasicService in Java 6 might
help here.

The BasicService.showDocument(URL) method will
normally show the URL in the user's default browser,
but Java 6+ will hand an URL for a JNLP file
directly to javaws.

So I have a test..
Here is an unsigned web start application that
should not be affected by the bug.
It is intended to display details of launch files,
and also offer to launch them - so it is running as
Java 6+.

Here is a *signed* web start app. that requests
full permissions, if launched from IE, it should
trigger the bug..

However, if my theory is correct (I don't have
access to machines running Vista), the first app.,
the launcher, should be able to launch the second
app., the Gif encoder**, just fine.

** Or it's 'big brother' listed below it..

Can anyone with Vista tell me if it works to
get around this bug, by launching trusted JWS
apps. directly from a sandoxed JWS app.?

Andrew Thompson

Message posted via

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Latest member

Latest Threads