From: John B. Matthews on 20 May 2010 00:55

In article <Jar-20100520013251(a)ram.dialup.fu-berlin.de>,
ram(a)zedat.fu-berlin.de (Stefan Ram) wrote:

> When one follows a web link to an executable JAR on a
> webserver, it will be transferred via HTTP and then executed
> (for example, under Windows, after Java was installed). The
> operating system might ask the user for a confirmation and
> then will run the JAR.
>
> Many users do not know much about what a JAR is, so they
> might not be able to appreciate the possibly enhanced
> security of Applets or of Web-Start (is there any?)
>
> So, in order to enable someone to start a Java-Application
> via the Web, what might be some reasons to prefer one of
> those means above the other (a link to an executable JAR
> versus Web-Start)?

IIUC, a JAR runs with no security restrictions, while a Java Web Start
program is launched with whatever permissions are defined in the
controlling JNLP file. As concrete examples, this game's JNLP requests
no special permissions; by default, it runs in a restricted, "sandbox"
environment:

<http://sites.google.com/site/drjohnbmatthews/buttons>

In contrast, this game requests access to the local file system in
order to save preferences:

<http://robotchase.sourceforge.net/>

When run, the first engenders no security dialog; the second does. Both
JARs are signed to mitigate the risk of tampering. More details here:

<http://java.sun.com/docs/books/tutorial/deployment/webstart/security.html>

--
John B. Matthews
trashgod at gmail dot com
<http://sites.google.com/site/drjohnbmatthews>
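
Added example (not part of the original thread, and not code from either game linked above): a small Python audit of the permission level a JNLP descriptor requests, following the sandbox versus file-system-access distinction described in the post above. The sample descriptors, the `audit_jnlp` name and the example.invalid URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Permission elements the JNLP <security> block can carry.
KNOWN = ("all-permissions", "j2ee-application-client-permissions")

# Constructed descriptors for illustration; not the linked games' real files.
SANDBOXED = """<jnlp spec="1.0+" codebase="https://example.invalid/a" href="a.jnlp">
  <information><title>Sample A</title><vendor>Example</vendor></information>
  <resources><j2se version="1.6+"/><jar href="a.jar" main="true"/></resources>
  <application-desc main-class="example.A"/>
</jnlp>"""
PRIVILEGED = """<jnlp spec="1.0+" codebase="https://example.invalid/b" href="b.jnlp">
  <information><title>Sample B</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources><j2se version="1.6+"/><jar href="b.jar" main="true"/>
    <nativelib href="b-native.jar"/></resources>
  <application-desc main-class="example.B"/>
</jnlp>"""


def _local(tag):
    """Strip an XML namespace, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]


def audit_jnlp(text):
    """Return the requested permission level and the JARs it would apply to.

    Parse only descriptors you trust to be well-behaved XML, or swap in a
    hardened parser: ElementTree does not defend against entity expansion.
    """
    root = ET.fromstring(text)
    if _local(root.tag) != "jnlp":
        raise ValueError("root element is not <jnlp>")
    requested, jars = [], []
    for el in root.iter():
        name = _local(el.tag)
        if name == "security":
            requested += [_local(child.tag) for child in el]
        elif name in ("jar", "nativelib"):
            jars.append(el.get("href"))
    if not requested:
        level = "sandbox"              # no request: restricted by default
    elif any(r not in KNOWN for r in requested):
        level = "review"               # unrecognised element: inspect by hand
    elif "all-permissions" in requested:
        level = "all-permissions"      # full access; expect a security dialog
    else:
        level = KNOWN[1]
    return {"level": level, "jars": jars}
```
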
From: Andrew Thompson on 20 May 2010 01:26

On May 20, 9:39 am, r...(a)zedat.fu-berlin.de (Stefan Ram) wrote:

> When one follows a web link to an executable JAR on a
> webserver, it will be transferred via HTTP and then executed
> (for example, under Windows, after Java was installed). ..

On Ubuntu Linux the user would be offered many options, including
'save to disk' and 'open in archive manager'.

> ..The
> operating system might ask the user for a confirmation and
> then will run the JAR.
>
> Many users do not know much about what a JAR is, so they
> might not be able to appreciate the possibly enhanced
> security of Applets or of Web-Start (is there any?)

Already covered.

> So, in order to enable someone to start a Java-Application
> via the Web, what might be some reasons to prefer one of
> those means above the other (a link to an executable JAR
> versus Web-Start)?

JWS provides..

- Easy ways to add extra APIs and entire extensions (JOGL, Java3D
  etc.) to the application's run-time classpath, including natives
  delivered specific for the platform.
- Automatic update.
- Splash screens.
- Desk-top integration.
- APIs only available to JWS apps. like the PersistenceService, the
  SingleInstanceService & the ExtensionInstallerService that make some
  things very much easier. E.G.s at <http://pscode.org/jws/api.html>
  Note that Robot Chase app. mentioned by John could be deployed
  sand-boxed, by using the PersistenceService.
- Fine-grained JRE versioning. For details see
  <http://pscode.org/jws/version.html>
- ...

--
Andrew T.
pscode.org
From: Roedy Green on 20 May 2010 05:56

On Thu, 20 May 2010 00:55:20 -0400, "John B. Matthews"
<nospam(a)nospam.invalid> wrote, quoted or indirectly quoted someone
who said :

>
>IIUC, a JAR runs with no security restrictions, while a Java Web Start
>program is launched with whatever permissions are defined in the
>controlling JNLP file. As concrete examples, this game's JNLP requests
>no special permissions; by default, it runs in a restricted, "sandbox"
>environment:

Further the browser/os may need to be configured to associate jars
with java.exe, otherwise it will just be saved to disk.

You can run an Applet in a jar with <APPLET or that other abomination.

--
Roedy Green Canadian Mind Products
http://mindprod.com

Beauty is our business.
~ Edsger Wybe Dijkstra (born: 1930-05-11 died: 2002-08-06 at age: 72)

Referring to computer science.