[LINK] Security problems with Java in browsers

Fernando Cassia fcassia at gmail.com
Tue Sep 18 12:39:54 AEST 2012


On Mon, Sep 17, 2012 at 10:48 PM, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:

>
> And is the sandbox still real, or has local security been breached?


As you're likely aware, the sandbox applies to applets, that is, usually
tiny apps run inside a browser and run through the browser plug-in, that is
a tiny component of the JRE. And which can be disabled from the browser,
leaving the rest of the Java Runtime intact.

Local Java apps can be signed (or unsigned) and the user grants permissions
to them or not based on trust of the publisher (like what happens when you
download an executable on Windows and run it to install any shareware,
freeware or open source app), or in Linux when you download some RPM from a
third party repo.

The good news is that with OpenJDK being the reference implementation of
Java 7, at least Linux users can get updates much faster... especially with
projects like Henri Gomez' buildfactory that provides automated builds and
a repo, which gives you even faster updates than your distro's....

http://obuildfactory.hgomez.net/

Just my $0.02
FC


