替代小程序的替代技术? [英] Alternative technologies to replace applet?
问题描述
我有一个(未签名的)小程序,可让您绘制逻辑电路并在屏幕上对其进行测试(有点像 Electronics Workbench),然后将电路序列化(内部形式,而不是视觉表示)并将其发送到运行一系列自动化测试并生成性能报告的服务器.这是一个更大的网络应用程序的一个小而重要的部分.
I have an (unsigned) applet that let you draw a logic circuit and test it on-screen (a bit like Electronics Workbench), and it then serializes the circuit (the internal form, not the visual representations) and sends it to the server where a bunch of automated tests are run and a performance report is produced. This is a small but crucial part of a much larger web app.
但是,现在最新的 Java 插件是这样说的:
However, the latest Java plug-in now says this:
像这样运行未签名的应用程序将在未来的版本中被阻止,因为它可能不安全且存在安全风险.
Running unsigned applications like this will be blocked in a future release because it is potentially unsafe and a security risk.
现在,自签名它显然仍然可以工作(目前),但是代码在沙箱之外运行,这让我觉得这是一种愚蠢的做事方式,尽管我的代码当然完全没有错误!(我可以让你有兴趣购买一座桥吗?)在 Oracle 网站上进一步阅读我看到:
Now, self-signing it will still apparently work (for now), but then the code runs OUTSIDE the sandbox, which strikes me as a stupid way to do things, even though my code is of course completely bug-free! (Can I interest you in buying a bridge?) Reading further on the Oracle website I see this:
平台不会拒绝 Java 应用程序的执行......未来的更新版本可能包括其他更改以限制不安全行为,例如未签名和自签名应用程序."
The platform will not deny the execution of Java applications... Future update releases may include additional changes to restrict unsafe behaviors like unsigned and self-signed applications."
(这听起来像是未来的更新将拒绝执行 Java 应用程序"——除非您定期向 Thwaite 或 Verisign 付款并公开用户编写在沙箱外运行的代码.)
(Which sounds like it means "Future updates will deny the execution of Java applications" -- unless you pay money to Thwaite or Verisign on a regular basis AND expose users to code running outside a sandbox.)
他们也说
即使是用户体验的最小变化有时也会很麻烦".
"Even the smallest changes in user experience are sometimes troublesome".
(不开玩笑.)
我们已经考虑了变化如何影响用户体验.鉴于当前围绕浏览器中 Java 安全性的气候,代码签名是保护 Java 用户的一种宝贵的安全控制措施."
"We have considered how changes affect user experience. Given the current climate around Java security in the browser, code signing is a valuable security control for protecting Java users."
好吧,我不知道在这种情况下如何继续使用 Java.球门柱已经(再次)移动了,现在我正在寻找一支不同的足球队......或者更准确地说,我正在寻找一种替代技术,让我继续做我现在所做的事情:拖拽&放置电路元件,通过在输入和输出之间或其他连接之间拖动来创建连接,最后采用图表的内部形式并将其以可以解码和执行的形式发送到服务器,最好使用与创建图表完全相同的代码图表以避免版本问题.还有一些安全的东西,它不会因为我已经签名而破坏本地文件系统或其他任何东西.
Well, I don't see how I can continue using Java under these circumstances. The goalposts have been moved (again), and now I'm looking for a different football team... or more precisely, I'm looking for an alternative technology that will let me continue to do what I do now: drag & drop circuit elements, create connections by dragging between input and outputs or other connections, and finally take the internal form of the diagram and squirt it to the server in a form which can be decoded and exercised, preferably by exactly the same code that created the diagram to avoid versioning headaches. And something which is safe, which can't trash the local filesystem or whatever just because I've signed it.
既然甲骨文让我的生活变成了一场噩梦,谁能建议我下一步应该去哪里寻找?
Can anyone suggest where I should be looking next, now that Oracle has made my life a nightmare?
推荐答案
(这听起来像是未来的更新将拒绝 Java 应用程序的执行"——除非您定期向 Thwaite 或 Verisign 支付费用并将用户暴露给在沙箱外运行的代码.)
(Which sounds like it means "Future updates will deny the execution of Java applications" -- unless you pay money to Thwaite or Verisign on a regular basis AND expose users to code running outside a sandbox.)
使用 JNLP 启动的已签名小程序仍然可以进行沙盒处理.
A signed applet launched using JNLP can still be sand-boxed.
但如果你真的想避免它..
But if you really wish to avoid it..
我认为可以使用 JavaScript 提供逻辑和 HTML 5 canvas 用于渲染.
I think what you described can be provided using JavaScript for the logic and and an HTML 5 canvas for the rendering.
我会避免使用 Flash,因为它也容易受到安全漏洞的影响.这就像给自己挖了一个全新的洞,让自己陷入困境.
I would avoid Flash, since it is also susceptible to security bugs. It would be like digging yourself a brand new hole to get trapped in.
这篇关于替代小程序的替代技术?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
