Java 8 sockets

ddyer · April 25, 2014, 6:27pm

Heads up for all sites which use java and sockets - java 8 seems to have broken
using sockets in sandboxed applets. This is currently seen in java web start,
but presumably will migrate to ordinary applets when the java plug-in is upgraded
to java 8.

The complaint is java.security.AccessControlException

this is a new complaint in java 8 - your current working site will break.

delt0r · April 26, 2014, 2:51pm

People still use applets? And Web start?

End users need not know your using java. Otherwise your doing it wrong. My 2c anyway.

CodeHead · April 26, 2014, 3:27pm

Corporations still use applets and Web Start. While such a warning may not seem that relevant to most JGO game developers, it’s useful for those of us who utilize Java in an enterprise environment.

AirTime · April 26, 2014, 3:57pm

I’m with you, I’m just concerned about the Applets/Web Starts that have already been made. If the client (you and me) update our Java to Java 8, and the author does not update his program, the client would not be able to run the program. That could cause some bad things to happen.

ddyer · April 26, 2014, 5:46pm

It’s true that Oracle seems to be trying to kill it by the death of 1000 cuts. Meantime, the news is that the java plugin
that uses java 8 has appeared, so applets as well as web start are now broken.

delt0r · April 26, 2014, 6:06pm

C++, C, C#, python, Lua etc don’t have applets and web start. They are not dying any more than java is.

Yea i did a lot of enterprise stuff a way back. We typically have good control over expected configuration of the clients. Even back then we dropped applets for our own local client. Sometimes a web page is not the best tool for the job.

ddyer · April 29, 2014, 7:10pm

I have a fairly definitive answer on this. Buried in the “enhancements” section of the java 8 documentation.
http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/enhancements-8.html

  "For sandbox RIAs, SocketPermissions for the origin host is no longer granted. Calls from JavaScript code to the
  RIA are not granted SocketPermissions beginning with JDK 8."

I Leave it to the reader to decide in what universe this is an enhancement.

So it appears that Oracle has decreed that sandboxed applets can’t use sockets; they have to become all-permissions
applets, which have unrestricted access to the client’s machine. It mystifies me how requiring users to trust applets with
unrestricted access will enhance security.

Riven · April 29, 2014, 7:22pm

[quote=“ddyer,post:7,topic:48347”]
By killing it off. It’s one of the most effective measures.