Re: > Sandboxed power == More secure???

From:

=?ISO-8859-1?Q?Arne_Vajh=F8j?= <arne@vajhoej.dk>

Newsgroups:

comp.lang.java.programmer

Date:

Tue, 16 Apr 2013 22:30:12 -0400

Message-ID:

<516e0934$0$32104$14726298@news.sunsite.dk>

On 4/16/2013 10:25 PM, Lew wrote:

Arne Vajh?j wrote:

Richard Maher wrote:

Perhaps the most significant change will be that, in the default
setting, sites will not be able to force the small programs known as
Java applets to run in the browser unless they have been digitally
signed. Users can override that only if they click to acknowledge the
risk, Rizvi said.
Read more:
http://www.smh.com.au/it-pro/security-it/oracle-fixes-42-holes-in-java-to-revive-confidence-20130417-2hz6n.html#ixzz2QfmbSO5B

Disbelief!

Really?

Rather overblown, that reaction.

They want users to confirm that they want to run an applet.
It somewhat protects against users being infected without noticing if
a malicious site uses a zero day vulnerability.

And there has been a few of those.

Chrome already prompts every time.

A bit frustrating for user experience,

Really?

That type of user confirmation does confuse large segments
of web users.

but Oracle has deemed it necessary.

But only for unsigned applets.

Signed applets has had the requirement for user accept from day 1.

Arne