禁用 Java 警告外观 &对 Java Web Start 应用程序的影响 [英] Disabled Java warning appearance & affect on Java Web Start apps
问题描述
最近在 Java Plug-In1 中发现了安全漏洞.作为对最终用户的保护,大多数浏览器中的 Java 被立即禁用.Java 禁用"警告是什么样的?
阻止小程序是否也会影响 我看到了启动 JWS 应用程序的图标.同时(安全漏洞)时间我仍然在上面提到的小程序上看到那个警告.
请注意 Java FX 演示.确实本身有可能表明安全问题的应用程序组件"的安全风险/提示来自混合签名和"未签名的代码'.
Recently security vulnerabilities were discovered in the Java Plug-In1. As a protection for the end user, Java in most browsers was disabled promptly. What do the 'Java disabled' warnings look like?
Does the blocking of applets also affect Java Web Start apps. (they are launched from a link in a web page) aimed at desktop use?
- Security vulnerability in the Oracle Java Plug-In. For more details see:
- The JRE 1.7 Vulnerability Q&A at SO.
- Oracle Security Alert for CVE-2013-0422
- The Java™ SE Development Kit 7, Update 11 (JDK 7u11) release notes - the version in which the vulnerability was fixed.
What do the 'Java disabled' warnings look like?
This is how Oracle's test Java page appears now. It is an embedded applet.
FireFox
Chrome
Message in yellow bar at top of browser:
Java(TM) was blocked because it is out of date. Update plug-in... Run this time - learn more x
Shown in place of applet, and on right click produces menu..
Note re version 1.7.0_11
Java version 1.7.0_11 that fixes the bug, mentioned in the last link in the question, does not enable the browsers again. Those warnings above were seen despite that this info. can be seen after enabling the plug-in for either browser..
It might indicate that the Oracle fix for the bug is to permanently load applets in this 'prompted for every one' way. That might not be a bad thing.
Does the blocking of applets also affect JWS apps?
No it does not. Just applets (and applets embedded using JWS).
Here is how you might see a JWS app. deployed using deployJava.js which (checks for the JRE and) shows an icon like this (without prompt - if installed).
If launching (for example) the JavaFX 1.2 demo. - Powerful UI Capabilities With Node-Based Controls I see the icon for launching the JWS app. At the same (security vulnerability) time I still see that warning on the applet mentioned above.
Note that the Java FX demo. does itself have security risks/prompts for 'application components that might indicate a security concern' from 'mixing signed & unsigned code'.
这篇关于禁用 Java 警告外观 &对 Java Web Start 应用程序的影响的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
