[pve-devel] new vnc 1.2 works fine now with http://fqdn....

Alexandre DERUMIER aderumier at odiso.com
Sat Apr 20 09:03:03 CEST 2013


If I understand, it seem that the problem is that we interact from extjs javascript (unsigned code) with vnc java console (signed code).

Maybe adding "Trusted-Library: true " to VncViewer.jar manifest.mf could help ?


----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Samedi 20 Avril 2013 08:56:29 
Objet: Re: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 

I found this on the net: 

" 
Java 7 Update 21 was released on April 16 2013 and caused our applet to start showing this warning dialog. 

Per the release notes: As of JDK 7u21, JavaScript code that calls code within a privileged applet is treated as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library attribute. 

To fix this edit your manifest.mf file and add a line like this: 

Trusted-Library: true 
You should be very careful before doing this though. If your signed applet can be called from javascript then a malicious user can potentially do harmful things on your users' computers. 

One quick way to secure your applet is to prevent it from being run on other websites. Do this by putting code in the init() method that looks at getCodeBase().getHost() and throws an exception if it does not match your site. 
" 

----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Vendredi 19 Avril 2013 18:10:12 
Objet: RE: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 

> Oops, sorry, It's work fine after unblock, my vm was not started ;) 
> 
> Don't known why all the code is not signed.... 

Our Applet is signed, but seem that oracle does not like our certificate. 
You can even install the CA as trusted CA, does not help. 

But you can set java "Mixed Code" option to 

"hide warning and run with protections" 

IMHO, oracle does not really know what they do. 
I mean, if a user wants to trust in something , why does he need to answer 
that question again and again? 

And why is the code mixed? (I sign the whole applet?) 

Any insights are welcome. 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



More information about the pve-devel mailing list