1 Reply Latest reply: Jan 22, 2014 5:24 AM by CSCJPE

Changes in security from 7 update 45 to 7 update 51 and problems with Java applet

CSCJPE Newbie

Hello,

 

After the update (from 7 update 45) to version 7 update 51 we've gotten some problems with a Java Applet as it won't run.

 

When changing security settings to "medium" it works, but it would not run under the default "high" setting. This led me to update the manifest file as follows:

 

Manifest-Version: 1.0
Trusted-Only: true
Application-Name: MyApplet
Permissions: all-permissions
Caller-Allowable-Codebase: www.MySite.com

 

In addition to this, I added the <param> tag in the HTML page.

 

<applet name="MyApplet" code="MyApplet" archive="MyApplet.jar">
   <param name="permissions" value="all-permissions" />
</applet>

 

The applet is digitally signed with a certificate issued by Verisign.

 

It now runs on my system. But I noticed that it also runs if I switch the security setting back to "high", which doesn't make any sense to me.

 

I've tried another computer and got the same thing there. Would not run. I switched to "medium" and the applet worked. Switched back to "high" and it still works.

 

I've tried this in both Google Chrome and Internet Explorer 11.

 

On a third computer it won't run at all, getting a different error message than on the other two, but still related to permissions/security.

 

The console log message is:

        "liveconnect: Security Exception: JavaScript from http://MySite.comn/MyPage.html attempted to access a resource it has no rights to."

 

Any ideas what I'm missing or what I need to change to get this beast to run everywhere?

  • 1. Re: Changes in security from 7 update 45 to 7 update 51 and problems with Java applet
    CSCJPE Newbie

    I tried changing the Caller-Allowable-Codebase to not include "www." and it started giving the same error message as for the third machine in the test.

     

    So, I changed Caller-Allowable-Codebase to "*" which made it work on all machines.

     

    I don't quite understand why it acts differently on different machines. If it's OK with www.MySite.com on one of the machines, it should be OK on all, no?

     

    I don't see a problem with letting it be "*" but it would be nice to understand what's going on.
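
An added example (not part of the original thread and not Oracle's code): a small Python check that parses the manifest shown in the post and reports whether each host the page is served from is covered by Caller-Allowable-Codebase, and flags the "*" wildcard. The matching rules used here (exact host, `*.domain`, `*`) are a simplified assumption, and the URLs are constructed from the post's placeholder names.

```python
from urllib.parse import urlsplit

# Constructed sample: the manifest from the post (placeholder host name).
MANIFEST = """\
Manifest-Version: 1.0
Trusted-Only: true
Application-Name: MyApplet
Permissions: all-permissions
Caller-Allowable-Codebase: www.MySite.com
"""

def main_attributes(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                      # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]    # wrapped value continues on this line
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        attrs[last] = value.strip()
    return attrs

def host_allowed(entry, host):
    """Simplified matching (assumption): '*', '*.domain', or exact host."""
    entry, host = entry.lower(), host.lower()
    if entry == "*":
        return True
    if entry.startswith("*."):
        return host.endswith(entry[1:])
    return entry == host

def audit(manifest_text, page_urls):
    """Return findings for the manifest given the URLs the page is served from."""
    attrs = main_attributes(manifest_text)
    entries = attrs.get("caller-allowable-codebase", "").split()
    findings = []
    if not entries:
        findings.append("Caller-Allowable-Codebase missing")
    if "*" in entries:
        findings.append("Caller-Allowable-Codebase is '*': JavaScript from any host may call the applet")
    for url in page_urls:
        host = urlsplit(url).hostname or ""
        if not any(host_allowed(e, host) for e in entries):
            findings.append(f"{host} not covered by Caller-Allowable-Codebase")
    return findings
```

Listing every host name the page is actually reached under (space-separated) lets the audit pass without falling back to "*".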
