小程序的 Java 1.7.51 互联网限制 [英] Java 1.7.51 internet restrictions for applets

问题描述

在前几个月，我为一个学术项目开发了一个沙箱 Java 小程序.由于预算有限，我无法使用受信任的证书颁发机构对其进行签名.随着 Java 1.7.51 的发布，我发现由于缺少签名，新的安全限制禁止执行小程序.

In the previous months I developed a sandbox Java applet for an academic project. I wasn't able to sign it with a trusted Certificate Authority because of the restricted budget. With the release of Java 1.7.51 I found that the new security restrictions forbid the execution of the applet, because of the lack of signature.

到现在为止，我已经找到了两个粗略的解决方案:

Until now, I have found two rough solutions to this problem:

1. 要求用户将小程序页面包括在他/她的例外列表中；
2. 要求用户将 Java 安全级别设置为中"(当然，这是一个有风险的操作).

有没有办法在不要求用户更改安全设置的情况下，通过自签名小程序克服 Java 强加的限制?

Is there a way to overcome the restrictions imposed by Java with a self-signed applet without asking the user to change the security settings?

非常感谢您的回答，因为购买可信证书的选择仍然很昂贵.

I would deeply thank you for your answers, since the option to buy a trusted certificate remains an expensive one.

推荐答案

这不是一个真正的解决方案，但对于最终用户来说可能更方便一些:编写一个小程序(作为 jar 文件或批处理)，将您的站点添加到例外列表中.您提供给无法执行您的小程序的用户的这个小程序.它只需要执行一次.此处描述了如何做到这一点.

Its not a real solution but maybe a bit more convenient for the enduser: Write a small programm (as jar file, or batch) which adds your site to the exception list. This tiny programm you offer to the user which can't execute your applet. It only has to be executed once. How this can be done is described here.

控制例外站点列表的文件存储在用户的部署位置如部署配置中所述.在Windows 7 的位置是C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites.格式为每行一个站点.

The file controlling the Exception Site List is stored in the user’s deployment location as described in the deployment configuration. On Windows 7 the location is C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites. The format is one site per line.

如果您认为这对用户来说并不值得信赖，那么您可能是对的；-) 谁执行从 Internet 下载的文件?您也可以只在页面中添加一个小说明，用户可以从命令行执行它.对于 Windows，它会这样:

If you think that is not really trustworthy to the user you are probably right ;-) who executes a file downloaded from the internet? You can also just add a small description to your page and a user could execute it from commandline. For windows it would like that:

mkdir %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security
echo http://www.carlos.com >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites

我越读我的帖子，我认为最好的解决方案是证书，但仍然想分享这个选项.

The more I read my post I think the best solution is the certificate but still wanted to share this option.

这篇关于小程序的 Java 1.7.51 互联网限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！