-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gregory Maxwell wrote:
You get no warning *at all* on non-origin network access for applets signed by an approved key. For example: http://www.jcraft.com/jorbis/player/JOrbisPlayer.php?play=http%3A%2F%2Fuploa...
I don't have direct knowledge for file access. I had assumed that it was the same, but I'm guessing there.
I get a big scary dialog box here:
== This applet was signed by "JCraft,Inc.," but Java cannot verify the authenticity of the signature's certificate. Do you trust this certificate?
Click Trust to run this applet and allow it unrestricted access to your computer. Click Don't Trust to run this applet with standard Java restrictions.
[Show Certificate] [Don't Trust] [Trust] ==
Click "Show Certificate" and it expands to show cert details and adds a little check box:
[ ] Always trust "JCraft,Inc."
This is with Firefox 3.0.4 on Mac OS X 10.5, whatever default Java VM/plugin comes on the system.
- -- brion vibber (brion @ wikimedia.org)
For Java Web Start and complete system access I just get a fairly friendly "This was published by Foo Corp. Do you wish to run it. [ ] Always trust content from Foo Corp."
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l