Do we need Oracle's official support to create a PPAPI plugin for secure Google chrome use?
Java in the browser used to be the gold standard for "sandbox" security, but the landscape has shifted and there are new problems such as jit spraying (JIT spraying - Wikipedia, the free encyclopedia).
Google Chrome has felt they had no choice but to drop Java's NPAPI plugin. Will Oracle write the next PPAPI plugin, or will we work together as a community on the next, more secure, version of the standard Java plugin? We shouldn't need to be worried that Java will cause a security issue. All the major security issues are now known, such as Cross-site request forgery - Wikipedia, the free encyclopedia are known and can be handled case by case. Any new attacks can be policed quickly using modern methods.
With states moving towards online voting, which may use Java, let us ask what level of security we want our votes and voter identities to have and make sure that is the standard to uphold.
I am quite interested in the question as well. As a member of a shop that is still supporting legacy apps created with Forms, Java is vital to our ability to function. With Chrome and Firefox out of the NPAPI picture, IE is now the only major browser that supports it, and MS is going to be discontinuing support for that soon. What are Oracle's plans regarding this?
Once oracle in a forms forum suggested they had a way to launch java code from the web directly to java
installed on the client and not using a browser plugin. But they are cagey like let's wait and see if the customers
end up with no way to run applets for a few months and if so then we could assign some developers to this. Whereas from
the customer point of view, the very first minute that personnel cannot run mission critical applets is a serious problem
for which the customer feels they should come up with a plan to deal with it now. Now wait until it happens.
However web start or similar depends on java being installed on the client.
This was an interesting article:
Marketing stuff but it points out an idea of using Android Runtime for Chrome” (ARC).
There's many other potential solutions possible such as getting the firefox source now that can run the jre plugin
and keeping it for later :-) Or taking the firefox source that won't run the plugin in the future and fixing it. Or some
other browser source that can run the plugin. This is something we customers can do. It is certainly something Oracle
can do but they have to have the think ahead mindset.
I'm not sure why this still hasn't been addressed, it's now been over a year since Chrome's announcement/deprecation...
Why no answer from Oracle?
this is not a good signal for Java Developer Community !!!!
Oracle pay attention to this stuff.
Well, this is a public facing community, so if you really want an official answer from Oracle, then it should be raised with Oracle Support directly (support.oracle.com)
yes you are right!
But I'm a little bit angry. After googling a lot, I haven't found any official communication from Oracle.
For my point of view, it's a mess if any developer needs to ask Oracle Support team to get this public informations.
Do they will continue to support java browers plugin?
yes / no
I can't answer that, I don't work for Oracle, I'm just a public volunteer who moderates the forums.
At least for Oracle Forms you can use non-Oracle tools like ThinForms to run them stand alone without browser or NPAPI support.
ThinForms uses a wrapper for the Oracle Forms JAR files and converts them into a stand alone executable. That way it's not browser (or NPAPI) dependent any more (also works with jinitiator)