search

lokeshj / jzebra

Automatically exported from code.google.com/p/jzebra
0 stars 0 forks source link

Applet publisher is "UNKNOWN". Or, how to stop security warning from popping up every page load? #94

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
-What steps will reproduce the problem?

Using the instructions and code from this page: 
http://code.google.com/p/jzebra/wiki/TutorialWebApplet

-What is the expected output? What do you see instead?

This image: 
http://1.bp.blogspot.com/_9hmP3Ho0t14/Sxg0XxeTomI/AAAAAAAAAXI/rStKpFiZuU8/s400/d
igital_signature.PNG
shows the publisher name as being "Tres Finocchiaro," but when the security 
dialog pops up on my computer it says "UNKNOWN."

-What version of the product are you using? On what operating system?
1.4.5, Windows 7

-Please provide any additional information below.

The problem is that I can't check "always trust content from the publisher" 
because the publisher is "UNKNOWN" and checking that option would allow any 
java applet to run, which obviously I don't want for security reasons. This is 
a big problem because the security box seems to popup every time I load a page 
with it included and I'm doing it quite frequently.

Any suggestions on how I can allow this applet to run without a security prompt?

Original issue reported on code.google.com by nathanho...@gmail.com on 11 Oct 2012 at 8:46

GoogleCodeExporter commented 9 years ago 
Checking "always allow" will only permit applets using the same exact 
certificate to run.  This will not permit "all" applets to run.

See Control Panel --> Java --> Security --> Certificates.  There you can revoke 
previously "always allowed" certificates.

If this is still a security concern of yours, consider purchasing a Signed 
Certificate for Java.  Pricing is about $250/year (give or take).

https://www.symantec.com/verisign/code-signing/java
http://www.thawte.com/code-signing/content-signing-certificates/sun-java/

Once this certificate is obtained, you will need to compile and sign the applet 
yourself using TutorialSignatureChange 
(http://code.google.com/p/jzebra/wiki/TutorialSignatureChange) and additional 
compilation help from the mailing list.

Closing and marking bug as invalid.  Please reopen if this was closed in error.

-Tres

Original comment by tres.fin...@gmail.com on 11 Oct 2012 at 9:13

GoogleCodeExporter commented 9 years ago 
Hi Tres,

Thanks for your quick reply.

So if I check "Always trust content from the publisher", where in your applet 
the publisher's Name is "UNKNOWN", then other applets with the publisher Name 
"UNKNOWN" will not be able to run automatically? In other words, checking that 
box will not allow any other applets to run automatically?

That is how I interpreted your message, but I just want to make sure.

Thanks,

Nate

Original comment by nathanho...@gmail.com on 11 Oct 2012 at 9:25

GoogleCodeExporter commented 9 years ago 
Correct.  This does not eliminate the security concerns, only mitigates it.  I 
would rather elaborate about security risks in email as to not "fuel the fire" 
so to speak.  tres.finocchiaro@gmail.com.

-Tres

Original comment by tres.fin...@gmail.com on 11 Oct 2012 at 9:30