Reputation: 548
I have an (unsigned) applet that lets you draw a logic circuit and test it on-screen (a bit like Electronics Workbench), and it then serializes the circuit (the internal form, not the visual representations) and sends it to the server where a bunch of automated tests are run and a performance report is produced. This is a small but crucial part of a much larger web app.
However, the latest Java plug-in now says this:
Running unsigned applications like this will be blocked in a future release because it is potentially unsafe and a security risk.
Now, self-signing it will still apparently work (for now), but then the code runs OUTSIDE the sandbox, which strikes me as a stupid way to do things, even though my code is of course completely bug-free! (Can I interest you in buying a bridge?) Reading further on the Oracle website I see this:
"The platform will not deny the execution of Java applications... Future update releases may include additional changes to restrict unsafe behaviors like unsigned and self-signed applications."
(Which sounds like it means "Future updates will deny the execution of Java applications" -- unless you pay money to Thawte or Verisign on a regular basis AND expose users to code running outside a sandbox.)
They also say
"Even the smallest changes in user experience are sometimes troublesome".
(No kidding.)
"We have considered how changes affect user experience. Given the current climate around Java security in the browser, code signing is a valuable security control for protecting Java users."
Well, I don't see how I can continue using Java under these circumstances. The goalposts have been moved (again), and now I'm looking for a different football team... or more precisely, I'm looking for an alternative technology that will let me continue to do what I do now: drag & drop circuit elements, create connections by dragging between inputs and outputs or other connections, and finally take the internal form of the diagram and squirt it to the server in a form which can be decoded and exercised, preferably by exactly the same code that created the diagram to avoid versioning headaches. And something which is safe, which can't trash the local filesystem or whatever just because I've signed it.
Can anyone suggest where I should be looking next, now that Oracle has made my life a nightmare?
Upvotes: 5
Views: 16658
Reputation: 91
You can still run unsigned Java applets in your web pages if you block your Java plugin in the browser to the version SE 7 U11 (jre-7u11-windows-i586.exe). Of course you will have to block automatic Java update with "C:\Program Files (x86)\Java\jre7\bin\javacpl.exe". I hope you can survive for a while this way, before you find an alternative to Java applets.
In HTML5 the tag to call an applet is now object and the syntax is a bit different:
<object codetype="application/java"
classid="yourApplet.class"
codebase="http://www.yourserver ..."
archive="YourJarFile.jar"
width="x" height="y">
<param name="paramName1" value="paramValue1"/>
<param name="paramNamei" value="paramValuei"/>
</object>
Upvotes: 0
Reputation: 168825
(Which sounds like it means "Future updates will deny the execution of Java applications" -- unless you pay money to Thawte or Verisign on a regular basis AND expose users to code running outside a sandbox.)
A signed applet launched using JNLP can still be sand-boxed.
But if you really wish to avoid it..
I think what you described can be provided using JavaScript for the logic and an HTML 5 canvas for the rendering.
I would avoid Flash, since it is also susceptible to security bugs. It would be like digging yourself a brand new hole to get trapped in.
Upvotes: 3
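An added example, not code from the question or from the answer above: one way the "decoded and exercised by exactly the same code" requirement could look if the circuit model moves to JavaScript, with the browser editor and a Node-based test runner sharing one module and the server validating every upload before evaluating it. The JSON wire format, the names `parseCircuit`, `evaluate` and `GATES`, the size limits, and the restriction to combinational circuits (gates listed in dependency order) are all assumptions made for illustration.

```javascript
// Shared by the browser editor and the Node test runner (added example).
// Wire format is an assumption: {inputs:[name], gates:[{id,type,in:[name]}], outputs:[name]}
const GATES = {
  AND: (v) => v.every(Boolean),
  OR: (v) => v.some(Boolean),
  XOR: (v) => v.filter(Boolean).length % 2 === 1,
  NOT: (v) => !v[0],
};
const NAME = /^[A-Za-z][A-Za-z0-9_]{0,31}$/; // excludes "__proto__" and similar keys
const MAX_SIGNALS = 2000; // constructed limit so one upload cannot exhaust the server

// Decode and validate a circuit received from the client; throws on anything unexpected.
function parseCircuit(json) {
  const c = JSON.parse(json);
  if (c === null || typeof c !== "object") throw new Error("not a circuit object");
  for (const key of ["inputs", "gates", "outputs"])
    if (!Array.isArray(c[key])) throw new Error("missing list: " + key);
  if (c.inputs.length + c.gates.length > MAX_SIGNALS) throw new Error("circuit too large");
  const known = new Set();
  const declare = (name) => {
    if (typeof name !== "string" || !NAME.test(name) || known.has(name))
      throw new Error("bad or duplicate signal name");
    known.add(name);
  };
  c.inputs.forEach(declare);
  // Gates may only read signals declared earlier, which rules out cycles and dangling wires.
  for (const g of c.gates) {
    if (g === null || typeof g !== "object") throw new Error("bad gate");
    if (typeof g.type !== "string" || !Object.prototype.hasOwnProperty.call(GATES, g.type))
      throw new Error("unknown gate type");
    const arityOk = Array.isArray(g.in) && (g.type === "NOT" ? g.in.length === 1 : g.in.length >= 2);
    if (!arityOk || g.in.length > 8 || !g.in.every((s) => known.has(s))) throw new Error("bad wiring");
    declare(g.id);
  }
  if (!c.outputs.every((s) => known.has(s))) throw new Error("unknown output");
  return c;
}

// Evaluate a validated circuit; bits[i] is the value of c.inputs[i].
function evaluate(c, bits) {
  const sig = new Map(c.inputs.map((name, i) => [name, Boolean(bits[i])]));
  for (const g of c.gates) sig.set(g.id, GATES[g.type](g.in.map((s) => sig.get(s))));
  return c.outputs.map((s) => sig.get(s));
}

// Constructed sample: a half adder as the editor would serialize it.
const HALF_ADDER = JSON.stringify({
  inputs: ["a", "b"],
  gates: [{ id: "sum", type: "XOR", in: ["a", "b"] }, { id: "carry", type: "AND", in: ["a", "b"] }],
  outputs: ["sum", "carry"],
});
```

Because the upload is plain data checked against an allow-list of gate types, the server never instantiates client-chosen classes or runs client-supplied code when it decodes a circuit.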
Reputation: 5487
I can't comment on what you found about applets, since I never wrote one.
If you want to move away from them, maybe your only option (while staying with Java) is to go for web applications, where the code is mostly on the server side and you interact with your software directly in your browser. On the client side JavaScript (and JS-related libraries like jQuery) is used, though I can't elaborate about it more since I don't know the Java EE stack very well yet.
I'm not sure if you can get 100% the same user experience as you currently have in your applet, above all for an electronics application. But it may offer the highest code-reuse of most of your Java classes.
I've used Vaadin; it's a framework that moves almost all your coding to the server side (you only need to code the client side if you want to create addons). I've heard about ZK too, but I've never used it, so I can't say anything about it.
Upvotes: 0