Java Plugin a huge security risk? How to preserve Java plugin from privilege escalation?

Installing a regular Java plugin is IMHO a real security risk for non-IT people. Normally Java applets run in a sandbox and the applet cannot do anything harmful to your computer.

Asked by: Guest | Views: 203
Total answers/comments: 1
Guest [Entry]

Absolutely not an official answer:

From 6u10, files can be read by applets using the java.jnlp API. The user first gets a warning dialogue (which I wish would be removed) and then a file open browser. The applet can only read the file that the user selects for it through the file chooser.

Currently you can prevent users from trusting 'content' by going to the Java Control Panel, selecting the Advanced tab. First tick box under security is currently "allow user to grant permissions to signed content". Second tick box is "Allow user to grant permission to content from an untrusted authority".

The scariness of the security dialog should roughly match that of comparable industry players, such as Microsoft's ActiveX and Adobe's AIR.

(Disclosure: I work in Java SE Security.)
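For administrators who want to check the two tick boxes from the answer across many machines, the following is an added example, not part of the original answer. It audits the text of a `deployment.properties` file; the property names are taken from Oracle's deployment configuration documentation, and the sample file content, the status names and the treatment of an absent key as enabled are assumptions of this example.

```python
import re

# Deployment properties behind the two Java Control Panel tick boxes named in
# the answer (names as given in Oracle's deployment configuration docs).
CHECKS = {
    "deployment.security.askgrantdialog.show":
        "Allow user to grant permissions to signed content",
    "deployment.security.askgrantdialog.notinca":
        "Allow user to grant permissions to content from an untrusted authority",
}

def parse_properties(text):
    """Parse the simple key=value / key:value subset of .properties syntax."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return {property: (status, label)}; status is 'ok', 'unlocked' or 'enabled'."""
    props = parse_properties(text)
    report = {}
    for key, label in CHECKS.items():
        # Assumption: an absent key means the tick box is still enabled.
        enabled = props.get(key, "true").lower() != "false"
        # A "<key>.locked" entry stops the user from re-ticking the box.
        locked = (key + ".locked") in props
        status = "enabled" if enabled else ("ok" if locked else "unlocked")
        report[key] = (status, label)
    return report

# Constructed sample: first box disabled and locked, second disabled only.
SAMPLE = """\
deployment.security.askgrantdialog.show=false
deployment.security.askgrantdialog.show.locked
deployment.security.askgrantdialog.notinca=false
"""

if __name__ == "__main__":
    for key, (status, label) in audit(SAMPLE).items():
        print(f"{status:9} {key}  ({label})")
```

A status of `unlocked` means the box is currently unticked but the user can tick it again in the Java Control Panel.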