[icedtea-web] Idea - do not start ITW applets automatically
adomurad at redhat.com
Fri Nov 16 08:41:33 PST 2012
> Interesting idea, probably worthy to implement.
> Default behaviour should be definitely set-up-able from itw-settings.
> As you summarised, we need to take care only about unsigned applets,
> as signed ones already have launch/launch always/dont launch/never
> launch (or similar)
I actually hadn't thought about the fact that we can just leave signed
applets-as-they-are (because they require confirmation), but its obvious
now that I think about it. So this would be a setting for unsigned
applets, which don't require confirmation currently (possibly also
option to disable 'always trust cert' feature for paranoid people).
> Or this setting can be independent on signatures and so be checked
> even before signatures (launch/launch always/dont launch/never
> launch), and then trustworthiness will be checked.
> Or maybe some mixture :) - but I'm probably for second approach -
> before and independent on the signatures.
I'm not sure what you mean by 'independent on the signatures', sorry
> What is little bit more in my mind is, if you want to avoid of
> launching of jvm at all. If you want, then then it will probably not
> possible to have some interactive communication with user.
> If you will suffer launching of jvm, ten we can probably misuse splash
> - before actual loading starts, there wil be not-animated spalsh with
> text eg "this is applet, destiny of applets on domain blahblah.bl is
> not specified, would you like to launc/launchalways?"
Destiny is a funny word to use here :)
Launching JVM is fine by me. This is mostly motivated by applets trying
to be sneaky, and as you said 'Do not launch JVM' is a good option to
have (probably worded as 'Do not load applets at all' vs 'Do not
automatically launch applets')
> Not sure if this is what you wanted to hear, but think about it as
> "brainstorming" :)
It was exactly what I wanted to hear, thanks!
More information about the distro-pkg-dev