On Mon, Nov 24, 2008 at 5:26 PM, Aryeh Gregor <[EMAIL PROTECTED]> wrote: > On Mon, Nov 24, 2008 at 2:31 PM, Brion Vibber <[EMAIL PROTECTED]> wrote: >> Aryeh Gregor wrote: >>> They wouldn't have to click through if it was signed, would they? >> >> Yes they would. >> >> If that wasn't the case, then any web site you visited could read all >> your files without notifying you simply by signing their malware applet. > > I don't know anything about Java signing; I was relying on (my > possibly incorrect reading of) what Greg Maxwell has said in this > thread. I was assuming there was some kind of PKI being used here, as > with HTTPS, so that "trusted" applets would silently run with more > permissions. If not, then never mind what I said above.
You get no warning *at all* on non-origin network access for applets signed by an approved key. For example: http://www.jcraft.com/jorbis/player/JOrbisPlayer.php?play=http%3A%2F%2Fupload.wikimedia.org%2Fwikipedia%2Fcommons%2Fa%2Fa9%2FTromboon-sample.ogg&submit=play I don't have direct knowledge for file access. I had assumed that it was the same, but I'm guessing there. For Java Web Start and complete system access I just get a fairly friendly "This was published by Foo Corp. Do you wish to run it. [ ] Always trust content from Foo Corp." _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
