Oracle 是否会在 JRE 7 更新 51 上杀死内网小程序? [英] Is Oracle killing intranet applets on JRE 7 update 51?

问题描述

请参阅 7u51 中 RIA 的新安全要求(2014 年 1 月).

<块引用>

RIA 必须包含两件事:

1. 来自受信任机构的代码签名.Applet 和 Web Start 应用程序的所有代码都必须签名，无论其权限属性如何.
   
2. 清单属性
   
   • Permissions – 在 7u25 中引入，从 7u51 开始需要.指示 RIA 是应在沙箱中运行还是需要完全权限.
     
   • Codebase – 在 7u25 中引入，从 7u51 开始可选/鼓励使用.指向托管代码的已知位置(例如，intranet.example.com).

参考 stackoverflow 上的另一篇文章，我同样担心证书对于 Intranet 使用来说很昂贵.
签署小程序并将其部署在内网.

我打算开始一个新的内网项目，我应该放弃小程序的考虑吗?
我所有的内网用户都没有连接外网的能力，他们在封闭的网络中，我非常怀疑是否需要签名小程序......?

解决方案

我打算开始一个新的内网项目，我应该放弃考虑小程序?

嗯，是的.很长时间以来，即使没有 Oracle 的最新更改，Applet 也不是很好的技术选择.如果您可以使用其他技术来做同样的事情，那通常会更好.

一些原因:

• 持续不断的漏洞流(这就是为什么它应该在浏览器上默认被禁用)
• 资源密集型
• 与网页分开访问(接近插件)
• 部署不是很简单
• 没有某些替代品具有的工具

最严重的原因是漏洞问题，但其他因素也有影响.

<块引用>

我所有的内网用户都没有对外连接的能力互联网，他们处于封闭网络中，我非常怀疑是否需要签名小程序......?

在最新版本的 java 插件中这是强制性的，所以你真的帮不上忙.

见 这个讨论 关于如果你想继续使用小程序需要什么.如果不这样做，它将无法在最新版本的 java 上运行.

Refer to New security requirements for RIAs in 7u51 (January 2014) .

RIAs must contain two things:

1. Code signatures from a trusted authority. All code for Applets and Web Start applications must be signed, regardless of its Permissions attributes.
   
2. Manifest Attributes
   
   • Permissions – Introduced in 7u25, and required as of 7u51. Indicates if the RIA should run within the sandbox or require full-permissions.
     
   • Codebase – Introduced in 7u25 and optional/encouraged as of 7u51. Points to the known location of the hosted code (e.g. intranet.example.com).

ref another post on stackoverflow, I have the same concern that certificate is expensive for intranet use.
Sign applet and deploy it in intranet.

I am planning to start a new intranet project, should I give up the consideration on applet?
All of my intranet user do not have the ability to connect outside internet, they are in closed network, I highly doubt the need of signed applet......?

解决方案

I am planning to start a new intranet project, should I give up the consideration on applet?

Well, yes. Applets haven't been a very good technology choice for a long time, even without Oracles latest changes. If you can do the same using other technologies, that's usually better.

Some reasons:

• continuous stream of vulnerabilities (which is why it should really be disabled by default on browsers)
• resource intensive
• separate access from the web page (act close to plugins)
• deployment isn't very straightforward
• doesn't have the tooling some alternatives have

The most serious reason is the vulnerability issue, but others play a role as well.

All of my intranet user do not have the ability to connect outside internet, they are in closed network, I highly doubt the need of signed applet......?

It's mandatory in the latest versions of java plugin, so you cannot really help that.

See this discussion on what's needed if you would like to keep on going with the applet. If you don't do it, it will not work on the latest versions of java.

这篇关于Oracle 是否会在 JRE 7 更新 51 上杀死内网小程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！