
New security requirements for applets

Sven Farrenkopf

Joined: Sep 03, 2008
Posts: 22

When it comes to the new security requirements for applets (and web start) I think it's surprisingly quiet. I expected more Applet-developers to complain ...


What really bothers me: Is there any way to use self-signed certificates anymore? The second link above says:

"Self-signed certificates are an option to known communities, but each computer will need to import the certificate into its trust store."

Well ... I DID import the self-signed certificate into the trust store and I still get Warning-Messages under 1.7.0_45. Is that a bug? I doubt it.

Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10840

Thanks for sharing this Sven.
Applets never took off except after the initial hype. The only applet I use nowadays is my bank website which uses an applet to authenticate users (besides the login/password). Like it or not, applets reached their "end of life" long time back.
When JWS was introduced, I was pretty excited, especially with the fact it could automagically grab and install the updates. Sadly, it did not find much use in the real world considering practically everyone is preferring a 'thin/web' client. And of course you now have the mobile clients. Overall things don't look good for conventional thick clients.

I suspect the self signed certs being not allowed could have more of a commercial reason behind them. I think one of the comments from the links you posted sums it nicely:
Ridiculous that an applet will need signing only for running in sandbox!
Flash does not need that, Silverlight neither!

What is the reasoning behind it besides that Oracle cannot make the sandbox work reliably?

A lot of very useful unsigned applets (math, physics, etc.) are out there; and they will not run after 7u51 just because "programmers" at Oracle are not able / willing to do their duties?!

Who will use applets in the future, who will pay for a 1 year certificate 200-300$ (besides maybe the large gaming studios)?

Shame on you Oracle for killing such a good platform!

Richard Tookey

Joined: Aug 27, 2012
Posts: 1166

Over the years I have deployed many Applets and WebStart applications but I now only have one Applet and no WebStart applications still live. The Applet is 10 or so years old and is used to display data that I have found by research and users of the Applet have submitted; it most definitely runs within the Sandbox. I was thinking of updating the Applet but the changes to the security model mean I shall just withdraw it.

Oracle seem to have a basic misunderstanding of what signing an application/Applet does for security. Anyone can purchase from a CA a signed certificate but it does not prove they are trustworthy; it only attempts to prove that they are who they say they are and even then the checks made are pretty thin. Al Capone could have purchased one. A Mafia boss could purchase one. Osama bin Laden could have purchased one.

The new security model for Java will just be another nail in the coffin of Java based web application clients.

Sven Farrenkopf

Joined: Sep 03, 2008
Posts: 22
Maneesh Godbole wrote:
Like it or not, applets reached their "end of life" long time back.

Well, I wouldn't go that far. I agree that applets "never took off", but there is obviously still some need for RIAs that require more reliability/memory/performance than an AJAX-Framework can provide. And even if applets never reached the popularity they deserved(!) I believe they will never really die as well. Even this forum still offers "Applets" as a category that has its visitors (e.g. you and me)

But I really think somewhere on the way something went terribly wrong, now that everyone's first approach to RIA is using HTML/CSS/AJAX ... with HTML5 as the latest consequence of that development. Don't get me wrong: HTML5 is a good thing ... but still a result of a wrong market-development.

Applets will probably never reach the mobile market, but I really wish (but don't expect) some revolution would happen that provides a different, more solid (non-java?) solution for RIAs ... and no HTML-based patchwork that was developed because all the lemmings walked in the wrong direction.

