Re: > Sandboxed power == More secure???

From:

Lew <lewbloch@gmail.com>

Newsgroups:

comp.lang.java.programmer

Date:

Tue, 16 Apr 2013 19:25:31 -0700 (PDT)

Message-ID:

<bea8c676-96ab-457d-9ffb-ba9706f3e372@googlegroups.com>

Arne Vajh=F8j wrote:

Richard Maher wrote:

Perhaps the most significant change will be that, in the default
setting, sites will not be able to force the small programs known as
Java applets to run in the browser unless they have been digitally
signed. Users can override that only if they click to acknowledge the
risk, Rizvi said.
Read more:
http://www.smh.com.au/it-pro/security-it/oracle-fixes-42-holes-in-java-t=

o-revive-confidence-20130417-2hz6n.html#ixzz2QfmbSO5B

Disbelief!

Really?

Rather overblown, that reaction.

They want users to confirm that they want to run an applet.
It somewhat protects against users being infected without noticing if
a malicious site uses a zero day vulnerability.

And there has been a few of those.

Chrome already prompts every time.

A bit frustrating for user experience,

Really?

but Oracle has deemed it necessary.

But only for unsigned applets.

Tempest in a teapot.

--
Lew