-
Enhancement
-
Resolution: Won't Fix
-
P3
-
6u19
-
x86
-
windows_xp
A DESCRIPTION OF THE REQUEST :
In 6.0, 6u19+, there is a new _default_ behavior that warns the user if they are loading an combination of signed and unsigned resources:
http://java.com/en/download/help/error_mixedcode.xml
This seems a sensible security enhancement _except_that_ it has broken the longstanding behavior of a java product we have deployed.
Can the dialog be enhanced so that if the user selects "No", the system remembers and does not ask them again? Or at least provide a new button or checkbox that allows them to approve this allowance always?
JUSTIFICATION :
We deliver a signed jar with our product, and then bundle further resources dynamically on the customer's machine, so this problem is now occurring for anyone who upgrades the JVM. This is fairly user hostile to change such behavior that has existed since the beginning of the Java plugin... It is also hostile to us small percentage of web development groups who are still using Java.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
There are a few things I'd like to see change:
[] Allow the user an option to cause the system to "remember my decision"
[] Reword the dialog so that "Yes" becomes the choice which means "proceed as I used to and let this thing that I have never had a problem with before continue to run as it always has"
ACTUAL -
Instead, the user is given a confusing dialog that they will inevitably chose "Yes" for because that is the human user reflex for trying to get on with using an application (and because most will just not have the background necessary to understand the dialog). And they have to do it every time they load the applet.
CUSTOMER SUBMITTED WORKAROUND :
We will have
1) find out whether a two jars which are signed but signed with different certs will run happily together
2) research and write code to sign the dynamically packaged resource jar on the customer system
3) push out an update to all installs
In 6.0, 6u19+, there is a new _default_ behavior that warns the user if they are loading an combination of signed and unsigned resources:
http://java.com/en/download/help/error_mixedcode.xml
This seems a sensible security enhancement _except_that_ it has broken the longstanding behavior of a java product we have deployed.
Can the dialog be enhanced so that if the user selects "No", the system remembers and does not ask them again? Or at least provide a new button or checkbox that allows them to approve this allowance always?
JUSTIFICATION :
We deliver a signed jar with our product, and then bundle further resources dynamically on the customer's machine, so this problem is now occurring for anyone who upgrades the JVM. This is fairly user hostile to change such behavior that has existed since the beginning of the Java plugin... It is also hostile to us small percentage of web development groups who are still using Java.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
There are a few things I'd like to see change:
[] Allow the user an option to cause the system to "remember my decision"
[] Reword the dialog so that "Yes" becomes the choice which means "proceed as I used to and let this thing that I have never had a problem with before continue to run as it always has"
ACTUAL -
Instead, the user is given a confusing dialog that they will inevitably chose "Yes" for because that is the human user reflex for trying to get on with using an application (and because most will just not have the background necessary to understand the dialog). And they have to do it every time they load the applet.
CUSTOMER SUBMITTED WORKAROUND :
We will have
1) find out whether a two jars which are signed but signed with different certs will run happily together
2) research and write code to sign the dynamically packaged resource jar on the customer system
3) push out an update to all installs