Java Security

Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee
Re: Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee
Re: Java Security	Lee Harvey
Re: Java Security	Howard Brazee

From: Howard Brazee Subject: Java Security Date: Tue, 18 Jan 2005 15:35:20 GMT I have a web site that I access daily. It pulls up a Java security window telling me "A signed applet is requesting additional privileges. Do you wiah to grant this applet all permissions? Is there any way to tell Opera that I always want to accept for this particular page? From: Lee Harvey Subject: Re: Java Security Date: Tue, 18 Jan 2005 11:34:01 -0500 Howard Brazee wrote: > I have a web site that I access daily. It pulls up a Java security > window telling me "A signed applet is requesting additional > privileges. Do you wiah to grant this applet all permissions? > > Is there any way to tell Opera that I always want to accept for this > particular page? Sure. It requires modifying the classes\opera.policy file. Can you supply the URL? If not, you'll need to determine how to add a "grant codeBase" block to your classes\opera.policy file. From: Howard Brazee Subject: Re: Java Security Date: Tue, 18 Jan 2005 17:11:09 GMT On 18-Jan-2005, "Lee Harvey" wrote: > > I have a web site that I access daily. It pulls up a Java security > > window telling me "A signed applet is requesting additional > > privileges. Do you wiah to grant this applet all permissions? > > > > Is there any way to tell Opera that I always want to accept for this > > particular page? > > Sure. It requires modifying the classes\opera.policy file. > > Can you supply the URL? If not, you'll need to determine how to add a > "grant codeBase" block to your classes\opera.policy file. http://mainframe.cusys.edu is my bookmark. It redirects me to http://mainframe.cusys.edu/bluezone1/UMSHDS/launch_j.htm (Launch_J launches the Java application for our secure 3290 terminal. Launch_X gets called by people foolish enough to use a browser incorporating Active-X). From: Lee Harvey Subject: Re: Java Security Date: Tue, 18 Jan 2005 12:43:55 -0500 Howard Brazee wrote: > On 18-Jan-2005, "Lee Harvey" wrote: > >>> I have a web site that I access daily. It pulls up a Java security >>> window telling me "A signed applet is requesting additional >>> privileges. Do you wiah to grant this applet all permissions? >>> >>> Is there any way to tell Opera that I always want to accept for this >>> particular page? >> >> Sure. It requires modifying the classes\opera.policy file. >> >> Can you supply the URL? If not, you'll need to determine how to add >> a "grant codeBase" block to your classes\opera.policy file. > > http://mainframe.cusys.edu is my bookmark. It redirects me to > http://mainframe.cusys.edu/bluezone1/UMSHDS/launch_j.htm (Launch_J > launches the Java application for our secure 3290 terminal. > Launch_X gets called by people foolish enough to use a browser > incorporating Active-X). Hmm. I don't see the applet on the page, but the BlueZone Session Manager did launch separately no problems. I could even "Launch BlueZone" from inside the BlueZone Session Manager...kinda neat. FWIW, I'm using... Opera 7.54 and 8.0pr1 Windows XP SP2 Sun Java 2 Runtime Environment, Standard Edition (build 1.5.0-b64) I don't know if any of these make a difference, since I suspect our opera.policy files are identical. Which JRE version do you have installed? From: Howard Brazee Subject: Re: Java Security Date: Tue, 18 Jan 2005 18:08:09 GMT On 18-Jan-2005, "Lee Harvey" wrote: > Hmm. I don't see the applet on the page, but the BlueZone Session Manager did > > launch separately no problems. I could even "Launch BlueZone" from inside the > > BlueZone Session Manager...kinda neat. > > FWIW, I'm using... > > Opera 7.54 and 8.0pr1 > Windows XP SP2 > Sun Java 2 Runtime Environment, Standard Edition (build 1.5.0-b64) > > I don't know if any of these make a difference, since I suspect our > opera.policy files are identical. Version 7.54 Build 3869 Platform Win32 System Windows 2000 Java Sun Java Runtime Environment version 1.4 VoiceXML Plugin not available From: Howard Brazee Subject: Re: Java Security Date: Tue, 18 Jan 2005 18:17:34 GMT On 18-Jan-2005, "Howard Brazee" wrote: > Version 7.54 > Build 3869 > Platform Win32 > System Windows 2000 > > Java Sun Java Runtime Environment version 1.4 > VoiceXML Plugin not available I tried downloading the latest Opera with Java, but couldn't install it because I'm at work without administrative privileges. I can test this hypothesis tonight at home though. I wish I could clean up some duplicates though: Volume in drive C has no label. Volume Serial Number is EC2D-38F5 Directory of C:\WINNT\system32 09/30/2002 08:56a 24,672 java.exe 1 File(s) 24,672 bytes Directory of C:\Program Files\JavaSoft\JRE\1.3.1\bin 05/06/2001 11:14a 20,547 java.exe 1 File(s) 20,547 bytes Directory of C:\Program Files\Java\j2re1.4.1_01\bin 09/30/2002 08:56a 24,672 java.exe 1 File(s) 24,672 bytes Directory of C:\orant\JRE11\bin 03/26/1997 07:51a 4,608 java.exe 1 File(s) 4,608 bytes Total Files Listed: 4 File(s) 74,499 bytes 0 Dir(s) 1,835,048,960 bytes free Volume in drive D has no label. Volume Serial Number is C8EC-502F Directory of D:\Program files\j2sdk_nb\j2sdk1.4.2\bin 09/15/2003 12:57p 24,670 java.exe 1 File(s) 24,670 bytes Directory of D:\Program files\j2sdk_nb\j2sdk1.4.2\jre\bin 09/15/2003 12:57p 24,670 java.exe 1 File(s) 24,670 bytes Directory of D:\Program files\j2sdk_nb\_jvm\bin 08/04/2003 05:04p 24,670 java.exe 1 File(s) 24,670 bytes Total Files Listed: 3 File(s) 74,010 bytes 0 Dir(s) 6,209,765,376 bytes free From: Lee Harvey Subject: Re: Java Security Date: Tue, 18 Jan 2005 14:11:16 -0500 Howard Brazee wrote: >> Version 7.54 >> Build 3869 >> Platform Win32 >> System Windows 2000 >> >> Java Sun Java Runtime Environment version 1.4 >> VoiceXML Plugin not available > > I tried downloading the latest Opera with Java, but couldn't install > it because I'm at work without administrative privileges. > ... > I wish I could clean up some duplicates though: > ... Ouch. The lack lack of administrator privileges may be the problem, especially if you don't have read/write/create/execute access to the Java archive cache folder. Can you use the Java Control Panel app (in Windows Control Panel) to control which JRE and cache folder to use? If not, you might try adding this "grant" block to your classes\opera.policy file: grant codeBase "http://mainframe.cusys.edu/-" { permission java.security.AllPermission; }; This generic grant block may require you to permission even more, such as java.io.FilePermission and java.net.SocketPermission. For some hints, see: http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html Keep us posted. From: Howard Brazee Subject: Re: Java Security Date: Tue, 18 Jan 2005 19:20:54 GMT On 18-Jan-2005, "Lee Harvey" wrote: > Ouch. The lack lack of administrator privileges may be the problem, > especially if you don't have read/write/create/execute access to the Java > archive cache folder. I can get there at least. My W2000 control panel has a Java Plug-In panel and a Java Plug-In 1.31 panel. The former has a check where I can decide whether it thinks my default browser is IE or Netscape 6. I'll have someone with administrator privilege set up my Java the way it should be. What do you recommend I should ask him to do? (Do you recognize what the various versions of Java I showed in that earlier message are for - and which can be deleted?) From: Lee Harvey Subject: Re: Java Security Date: Tue, 18 Jan 2005 14:57:52 -0500 >> Lee wrote: >> Ouch. The lack lack of administrator privileges may be the problem, >> especially if you don't have read/write/create/execute access to the >> Java archive cache folder. > > Howard wrote: > I can get there at least. My W2000 control panel has a Java Plug-In > panel and a Java Plug-In 1.31 panel. The former has a check where > I can decide whether it thinks my default browser is IE or Netscape 6. > > I'll have someone with administrator privilege set up my Java the way > it should be. What do you recommend I should ask him to do? Allow you to download/install the latest Sun J2RE 1.5.0, and ensure you have full read/write/create/delete/execute permissions to the Java archive (JAR) cache folder. > (Do you recognize what the various versions of Java I showed in that > earlier message are for - and which can be deleted?) I recognize some of them, but not all. If you don't have applications that require a specific JRE version, then you could just remove all of them. This is especially true if you don't share your machine with others. I'd recommend doing this prior to installing J2RE 1.5.0. Keeping multiple JREs shouldn't hurt anything, however, since newer versions typically set themselves as the system default detected and used by Opera. From: Howard Brazee Subject: Re: Java Security Date: Tue, 18 Jan 2005 21:50:32 GMT I got privilege for a session, and uninstalled and reinstalled Java: Version 7.54u1 Build 3918 Platform Win32 System Windows 2000 Java Sun Java Runtime Environment version 1.5 VoiceXML Plugin not available It still asks me. I tried it from FireFox and it gives me an "always" option. From: Lee Harvey Subject: Re: Java Security Date: Tue, 18 Jan 2005 17:27:56 -0500 Howard Brazee wrote: > I got privilege for a session, and uninstalled and reinstalled Java: > > Version 7.54u1 > Build 3918 > Platform Win32 > System Windows 2000 > > Java Sun Java Runtime Environment version 1.5 > VoiceXML Plugin not available > > It still asks me. I tried it from FireFox and it gives me an > "always" option. Hmm... What's your Java cache folder location? Control Panel> Java> General tab> Temporary Internet Files section> Settings..> Location. (these steps assume J2RE 1.5.0 is installed) What's your Windows 2000 permissions for this folder? My Computer> Navigate to folder above> right-click Propertes> Security tab. At work, do you use a proxy server (or .pac file)? If so, you may need to adjust Java's network settings via Control Panel> Java> General tab> Network Settings...> adjust settings> OK Did you try adding the "grant" block to the classes\opera.policy file? Again, you may need to grant additional Java permissions, but if your web proxy or firewall is blocking certain port access to that application, then this might be fruitless. Does the Java applet work correctly in any browser at work? If so, disregard my proxy/firewall port blocking comments above. From: Howard Brazee Subject: Re: Java Security Date: Wed, 19 Jan 2005 14:54:44 GMT On 18-Jan-2005, "Lee Harvey" wrote: > What's your Java cache folder location? > Control Panel> Java> General tab> Temporary Internet Files section> > Settings..> Location. (these steps assume J2RE 1.5.0 is installed) C:\Documents and Settings\brazee\Application Data\Sun\Java\Deployment\cache > What's your Windows 2000 permissions for this folder? > My Computer> Navigate to folder above> right-click Propertes> Security tab. I don't have a security tab. When I tested yesterday, I had administrative privilege (temporary granted me). > At work, do you use a proxy server (or .pac file)? > If so, you may need to adjust Java's network settings via Control Panel> > Java> General tab> Network Settings...> adjust settings> OK That's not my setting. I'll have to ask somebody. > Did you try adding the "grant" block to the classes\opera.policy file? > Again, you may need to grant additional Java permissions, but if your web > proxy or firewall is blocking certain port access to that application, then > this might be fruitless. No. I looked to see what was there, but I don't touch things without knowing what I'm doing: grant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See "http://java.sun.com/notes" for more information. permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on un-privileged ports permission java.net.SocketPermission "localhost:1024-", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; }; > Does the Java applet work correctly in any browser at work? With FireFox, I got a window asking me Yes, No, or Always. It doesn't ask me a 2nd time after I click on Always. With Opera, I get a window asking me Yes, or No. Is that "work correctly"? > If so, disregard my proxy/firewall port blocking comments above. I'm the only person running this with Opera. Others use FireFox. From: Lee Harvey Subject: Re: Java Security Date: Wed, 19 Jan 2005 12:55:16 -0500 >> What's your Java cache folder location? >> Control Panel> Java> General tab> Temporary Internet Files section> >> Settings..> Location. (these steps assume J2RE 1.5.0 is installed) > > Howard Brazee wrote: > C:\Documents and Settings\brazee\Application > Data\Sun\Java\Deployment\cache Ah, the default. That's good. It should be okay. >> What's your Windows 2000 permissions for this folder? >> My Computer> Navigate to folder above> right-click Propertes> >> Security tab. > > I don't have a security tab. When I tested yesterday, I had > administrative privilege (temporary granted me). No problem. >> At work, do you use a proxy server (or .pac file)? >> If so, you may need to adjust Java's network settings via Control >> Panel> Java> General tab> Network Settings...> adjust settings> OK > > That's not my setting. I'll have to ask somebody. After reading your comments below, I don't suspect this is a problem. Please disregard. >> Did you try adding the "grant" block to the classes\opera.policy >> file? Again, you may need to grant additional Java permissions, but >> if your web proxy or firewall is blocking certain port access to >> that application, then this might be fruitless. > > No. I looked to see what was there, but I don't touch things > without knowing what I'm doing > ... I understand. You can always make backup copies and restore them if you don't feel confident in the changes you've made. Just a thought. >> Does the Java applet work correctly in any browser at work? > > With FireFox, I got a window asking me Yes, No, or Always. It > doesn't ask me a 2nd time after I click on Always. > With Opera, I get a window asking me Yes, or No. Is that "work > correctly"? Is this the only difference? Yes/No vs. Yes/No/Always? If you click "Yes" enough times in Opera, does the app launch? If so, then yes, it's working correctly in Opera. BTW, what type of dialogs are your seeing? Are they "Do you trust..." dialogs? I suspect that if you modify your opera.policy file, you could effectively eliminate these dialogs altogether. See my previous post. From: Howard Brazee Subject: Re: Java Security Date: Wed, 19 Jan 2005 21:14:01 GMT On 19-Jan-2005, "Lee Harvey" wrote: > >> Does the Java applet work correctly in any browser at work? > > > > With FireFox, I got a window asking me Yes, No, or Always. It > > doesn't ask me a 2nd time after I click on Always. > > With Opera, I get a window asking me Yes, or No. Is that "work > > correctly"? Correction. FireFox no longer works. I probably messed up a Java setting when I uninstalled and reinstalled it yesterday. > Is this the only difference? Yes/No vs. Yes/No/Always? If you click "Yes" > enough times in Opera, does the app launch? If so, then yes, it's working > correctly in Opera. That was my original thought, but I was hoping for some way to make it not always ask me for my permission. > BTW, what type of dialogs are your seeing? Are they "Do you trust..." > dialogs? I suspect that if you modify your opera.policy file, you could > effectively eliminate these dialogs altogether. See my previous post. Java security A signed applet is requesting additional privileges. Do you wish to grant this applet all permissions? Seagull Software Systems Inc. View VeriSign Class 3 Code Signing 2001 CA Accept (Install) cancel Help Install is greyed out. FireFox came up with an additional screen which had an ALWAYS option. That's what I wish to emulate. I suspect you're right about my opera.policy file. But I haven't the foggiest how to go about this. I would expect there's a GUI somewhere which makes this easy, but I'm not finding anything to tell me what to do.