Page 2 of 2 FirstFirst 12
Results 21 to 31 of 31
Like Tree2Likes

Thread: How to let browser accept the Applet legally

  1. #21
    gimbal2 is offline Just a guy
    Join Date
    Jun 2013
    Location
    Netherlands
    Posts
    5,114
    Rep Power
    12

    Default Re: How to let browser accept the Applet legally

    Comparing an ad to a client application being automatically executed in the browser... sigh.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  2. #22
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by Tolls View Post
    The difference is, those cookies won't do diddly squat to your machine, whereas that Applet you just gave full write privileges to has just snuck a virus on to it.
    The cookies themselves can't, but they can definitely open some doors.
    What about the users that open attachments on their email?
    What about the users that click links in their email?
    What about the users that visit bad websites WITHOUT applets?

    The point is, you can bubble wrap users all you want to protect them, but your not going to keep them from harming their machines.

    Of course this is just my opinion but I appreciate the information!

  3. #23
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: How to let browser accept the Applet legally

    Cookies open no doors.
    Seriously.

    Added to which there was such a ****-storm over Java security 2 years ago that Oracle had to do something. After all, the browser companies pretty much all blocked applets until it was fixed.

    So your choice, completely blocked applets, or enforced signing.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  4. #24
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    I apologize for the confusion, cookies don't open doors but can allow doors to be open among other things.

    If someone doesn't know the difference between a site running clean applets or bad applets, they sure aren't going to be able to tell the difference between a site setting acceptable cookies or a site setting malicious cookies that can ALLOW doors to be open, among other things.

    For Oracle to just come out and say sign it or lose it? That's the best they could do? That rendered all my game applets unplayable for anyone running java 8. So I have 2 choices, pay money to allow the applets to run or just port them over to another language. I am going with another language for now, down the road I may revisit the situation, but for right now I think this will be the best choice for me.

    Thanks for the information! I really appreciate it!

  5. #25
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,983
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    There are no such things as malicious cookies (Except for these ofcourse).

    Why does phishing still exist? Because people can't see the difference between a legit email and the fake one. When they click the link to some scammy Russian site, even THEN they don't see the wonky address, the missing padlock in the address bar. So they enter ALL their banking data, they don't even have a clue of what they are doing.

    Would you guess rewriting your games to say, JavaScript/HTML/CSS is cheaper than signing the applet?
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

  6. #26
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    "There are no such things as malicious cookies (Except for these ofcourse)."
    Ok that was funny! Hahahahaha!

    If you would have spent as much time searching the term "website bad cookies" or "are website cookies harmful", as you did looking for some FBI cookies, you would have refuted yourself.

    Yes, rewriting the games is cheaper for me than paying for signed certs, in more ways than one.

  7. #27
    neo_sharath is offline Member
    Join Date
    Dec 2014
    Posts
    5
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Thank you Surfman. Very useful indeed.
    What is the downside if we opt for "no CSR" option while requesting this certificate?
    Basically, I want to know what is the risk & differences between CSR & non-CSR.

    I understand that the private key is made by us for the CSR option.

  8. #28
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    13,541
    Rep Power
    26

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by Xyle View Post
    Yes, rewriting the games is cheaper for me than paying for signed certs, in more ways than one.
    Why not simply provide an executable jar?

    Made Mojang a fortune...
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  9. #29
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,983
    Rep Power
    8

    Default Re: How to let browser accept the Applet legally

    @neo_sarath: I don't know the "no CSR" option. Please read the vendor FAQ for the difference.

    Quote Originally Posted by Xyle View Post
    If you would have spent as much time searching the term "website bad cookies" or "are website cookies harmful", as you did looking for some FBI cookies, you would have refuted yourself.
    https://encrypted.google.com/search?...0bad%20cookies
    https://encrypted.google.com/search?...kies%20harmful

    I did a search for both the search terms you suggested. Interestingly enough, the site at the first hit on Google said: "Many inexperienced web users are terrified of cookies, convinced that they are being used to send all their private information (and money) to some sinister group of internet scum." (source). I haven't found any sites that tell me how to execute malicious code via a cookie. I am glad you just proved my point.

    In terms of tracking and privacy, cookies have my concearn. In terms of executing malicious code, installing spyware and taking over your computer, cookies play no role in this. Shameless plug: installing the "Self destructing cookies" plugin does help a lot keeping the trackers out.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2 2013

  10. #30
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Quote Originally Posted by Tolls View Post
    Why not simply provide an executable jar?

    Made Mojang a fortune...
    My intent was to provide some online browser based games, I loved Java so Applets were an easy way to go. Its been proven that users aren't as inclined to download and play a game as they are to play it in a browser. Easy access = more players.

    As to the WEBSITE cookie argument, I appreciate the information, but you can believe whatever you want. If you don't think browser or session hijacking uses cookie information, then I would suggest doing more reading. If you don't think cookies are used to track who you are and what you click or where you visit, I would suggest more reading.

    In the end I apologize to the OP, the thread was about applet security, so I apologize for sidetracking it.

  11. #31
    Xyle's Avatar
    Xyle is offline Member
    Join Date
    Feb 2009
    Location
    Nevada
    Posts
    49
    Rep Power
    0

    Default Re: How to let browser accept the Applet legally

    Ok after adding SSL to my website for $40 a year AND adding my website to the exception list in Configure Java, my game applets now run under Java 8.

    Using the https:// prefix allows the applet to run as long as my website is in the exception list
    Using the http:// prefix will NOT allow the applet to run even though the website is in the exception list.

    This was unintended. The reason I went with SSL is for encrypting data sent to and from the server, but due to the SSL certificate, I get the added benefit of giving users the opportunity to play the Applet games.

    The down side is that the users still have to add the website to the exception list in order to play the games. :(

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Applet for web browser
    By Jet in forum Java Applets
    Replies: 27
    Last Post: 02-01-2014, 11:32 PM
  2. Can't get this to run in browser as applet - Help
    By confusedgirl in forum New To Java
    Replies: 1
    Last Post: 02-02-2013, 03:53 AM
  3. How to run applet in a web Browser?
    By elururajesh3 in forum Java Applets
    Replies: 4
    Last Post: 11-06-2011, 09:34 AM
  4. applet working in applet viewer, not browser
    By plasticfood in forum Java Applets
    Replies: 4
    Last Post: 06-24-2011, 06:47 PM
  5. applet won't run in browser...
    By shwein in forum Java Applets
    Replies: 6
    Last Post: 10-17-2008, 06:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •