是Oracle杀戮JRE 7更新51的Intranet小程序？ [英] Is Oracle killing intranet applets on JRE 7 update 51?

问题描述

参阅的RIA href=\"https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias\">新的安全要求。

  

的RIA必须包含两件事情：

  
  

  
1. 从一个值得信赖的权威code签名。所有code为Applet和Web Start应用程序必须签名，不论其权限属性。结果

  
2. 清单特性结果
     
   
     
   • 权限 - 介绍在7u25，并作为7u51的需要。指示是否应该RIA在沙箱中运行或需要完全的权限。结果
   
     
   • codeBase的 - 介绍了在7u25和可选/鼓励为7u51的。指向托管code的已知位置（例如intranet.example.com）。
   
     

  

REF计算器上的另一篇文章中，我也有同样关切的是，证书是内部网使用昂贵的。结果
登录小程序，并在企业内部网部署。

我打算开始新的内部网项目，我应该放弃审议关于小程序？结果
我所有的内网用户不具备连接互联网以外的能力，他们在封闭的网络，我很怀疑签名Applet的需要......？

解决方案

  

我打算开始新的Intranet工程，我应该放弃
  审议关于小程序？

恩，是的。小程序还没有很长一段时间了很好的技术选择，即使没有Oracle的最新变化。如果可以使用其他技术做同样的，这通常是更好的。

一些原因：

• 漏洞的连续流（这就是为什么它应该被默认在浏览器上禁用）


• 资源密集型


• 从网页（行动接近插件）独立访问


• 部署不是很简单


• 没有工装一些替代品有

最严重的原因是漏洞问题，但其他人扮演的角色。

  

我所有的内网用户不必外部连接的能力
  互联网，他们在封闭的网络，我很怀疑的需要
  签名Applet ......？

这是在Java插件的最新版本强制性的，所以你不能真正帮助的。

请参阅this对，如果你想继续与applet去什么需要讨论。如果你不这样做，它不会对Java的最新版本。

Refer to New security requirements for RIAs in 7u51 (January 2014) .

RIAs must contain two things:

1. Code signatures from a trusted authority. All code for Applets and Web Start applications must be signed, regardless of its Permissions attributes.
   
2. Manifest Attributes
   
   • Permissions – Introduced in 7u25, and required as of 7u51. Indicates if the RIA should run within the sandbox or require full-permissions.
     
   • Codebase – Introduced in 7u25 and optional/encouraged as of 7u51. Points to the known location of the hosted code (e.g. intranet.example.com).

ref another post on stackoverflow, I have the same concern that certificate is expensive for intranet use.
Sign applet and deploy it in intranet.

I am planning to start a new intranet project, should I give up the consideration on applet?
All of my intranet user do not have the ability to connect outside internet, they are in closed network, I highly doubt the need of signed applet......?

解决方案

I am planning to start a new intranet project, should I give up the consideration on applet?

Well, yes. Applets haven't been a very good technology choice for a long time, even without Oracles latest changes. If you can do the same using other technologies, that's usually better.

Some reasons:

• continuous stream of vulnerabilities (which is why it should really be disabled by default on browsers)
• resource intensive
• separate access from the web page (act close to plugins)
• deployment isn't very straightforward
• doesn't have the tooling some alternatives have

The most serious reason is the vulnerability issue, but others play a role as well.

All of my intranet user do not have the ability to connect outside internet, they are in closed network, I highly doubt the need of signed applet......?

It's mandatory in the latest versions of java plugin, so you cannot really help that.

See this discussion on what's needed if you would like to keep on going with the applet. If you don't do it, it will not work on the latest versions of java.

这篇关于是Oracle杀戮JRE 7更新51的Intranet小程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！