What options do Java developers have other than to purchase certificates?

2
votes

I have a small applet hosted free of charge on my website. It doesn't desire any special permissions to access the user's computer and the code hasn't changed in 5 years.

In the past few months, I've been getting lots of emails from users complaining about security popups/warnings every time they use the applet. Most recently it appears that there's no way to "permanently allow this applet" anymore, and now warnings that say in the future unsigned applets won't be allowed to run at all.

I've tried self-signing the applet but the warning message is even scarier, stating that the applet will now have unrestricted access to the user's computer. I set the self-signed applet to run in the sandbox but the warning is still scarier than the unsigned applet warning, even though it runs with the same permissions.

What options do we have? I've been thinking about porting it to a different language, such as flash or HTML5. Are those any better? Is there any hope of Oracle backing off and letting unsigned applets live in peace again?

2
javasecurityapplet
I'm not sure it's entirely Oracle - aren't browser vendors locking down applet execution? - Brandon
There's not really a choice within Java. Purchase a certificate. Sign the applet, but without extra privileges. / Hopefully browser will start doing it with JavaScript. It may take them some time to catch up! - Tom Hawtin - tackline
As you are looking for alternatives too: JNLP aka Java WebStart. - Joop Eggen

2 Answers

0
votes

The warning is presented by the browser. Executing Java is disabled in Chrome for security reasons.

0
votes

Applets needs to be signed. You can use self-signed certificates. Yes once you sign, your applet has privileged access on user's computer to store and even delete files. However the user will have to click on "I Trust" for the applet to run. Self-signed certificate they can add it in their keystore of browser so that next time it will not pop up the warning. However I suggest that you buy code signing certificate from Digicert, Verisign etc so that your website looks professional. Since this is 5 years old code you need to describe to us what the applet code does so that we can think of alternative ways of implementation using different technology.