Closed
Bug 160274
Opened 22 years ago
Closed 11 years ago
Security : Codesigned Applet and LiveConnect problem
Categories
(Core Graveyard :: Java: OJI, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: toudal, Assigned: yuanyi21)
References
Details
Attachments
(2 files)
Codesigned Java applets cannot communicate through LiveConnect. Both features works as intended when tested 'one without the other' but the two features cannot be active at the same time. If proper security are to work in Netscape on the Mac these to features are crucial for the finance sector, e-banking etc. Source sent to bnesse@netscape.com and saari@netscape.com today 07-31-2002
Reporter | ||
Updated•22 years ago
|
Summary: Security : Codesigned Applet and LiveConnect problem → Security : Codesigned Applet and LiveConnect problem
Comment 1•22 years ago
|
||
Adjusting fields.
Assignee: saari → beard
Component: General → OJI
Product: Chimera → Browser
Version: unspecified → other
Comment 2•22 years ago
|
||
As I understand it, this is a non-trivial problem. Basically the Apple Java implementation needs to use our networking stack, or vice versa, in order to make this work. Beard has discussed it with Apple engineers in the past, but it wasn't a high priority at the time, and it was also a lot of work. It is something we should work out, but I can't comment on a timeline for when this will get fixed.
Reporter | ||
Comment 3•22 years ago
|
||
Reporter | ||
Comment 4•22 years ago
|
||
The government sites this bug as one reason why we can't use Mozilla/Netscape to view their KH-7 and KH-9 satellite images. http://edcsns17.cr.usgs.gov/EarthExplorer/ News story about the release of Cold War images is here: http://www.msnbc.com/news/835138.asp
Attachment #93548 -
Attachment mime type: application/octet-stream → application/zip
Attachment #93550 -
Attachment mime type: application/octet-stream → application/zip
Comment 6•21 years ago
|
||
This relates to the primary reason why Hushmail (www.hushmail.com) does not work with Mozilla and Netscape on the Macintosh. The permissions granted to the signed Jar do not seem to get applied to Java methods called from JavaScript.
This bug also makes it so that none of the Dutch (and probably other) online banking sites, like postbank.nl, work with Gecko browsers on Mac OS X. (Camino, Firefox, Seamonkey). Which make many users stich with webkit, despite webkit being slower at rendering.
Comment 8•20 years ago
|
||
Sounds to me like this bug may need some loving. Any takers?
Comment 9•20 years ago
|
||
Maybe Kyle can help.
Assignee | ||
Comment 10•20 years ago
|
||
If this is a MacOS only bug, I can't - I don't have any Mac box :(
Comment 11•20 years ago
|
||
I'm posting because someone added my name to the CC list ... but in fact I do have something to contribute :-) As mentioned in comment #7, the Postbank.nl site (still) illustrates the problem discussed here. It uses a signed applet for authentication. But when you use Java 1.3.1 via the "Java Applet.plugin", authentication fails with an error message something like "the security module is no longer available" (I used http://babelfish.altavista.com/ to translate from the Dutch). https://www.p3.postbank.nl/sesam/SesamLoginServlet However, authentication seems to work just fine when you use Java 1.3.1 via the MRJ Plugin Carbon, or Java 1.4.X via a combination of the MRJ Plugin Carbon and the Java Embedding Plugin. (As best I can tell without actually having an account with Postbank.nl. I've also heard that people are using the Java Embedding Plugin to authenticate to Postbank.nl.) http://javaplugin.sourceforge.net/ (I'm the Java Embedding Plugin's author. The version of the MRJ Plugin Carbon that I used is one that I distribute with the Java Embedding Plugin. I've altered it to use the Java Embedding Plugin, when present, to do Java 1.4.X. I've also fixed up a lot of its bugs, so that it now (as far as I can tell) fully supports LiveConnect -- whether via the Java Embedding Framework and Java 1.3.1 or via the Java Embedding Plugin and Java 1.4.X.) The MRJ Plugin Carbon doesn't "use our (i.e. Mozilla's) networking stack" -- rather, it correctly sets up the necessary permissions for the signed applet to use ordinary Java networking. (Debug messages visible in the Java Console show what permissions have been granted.) So comment #2 appears to be incorrect.
Comment 12•20 years ago
|
||
(Following up comment #11) Actually, this problem is very simple, and has nothing to do with whether or not an applet is signed. (I spaced it out when I was writing my previous comment.) The "Java Applet.plugin" doesn't support LiveConnect. At all. On any version of Mac OS X. In the absence of the MRJ Plugin Carbon, all browsers besides Safari do Java (Java 1.3.1) via the "Java Applet.plugin" and (indirectly) the Java Embedding Framework. I've never been able to find a truly comprehensive suite of LiveConnect tests. But the following URLs often get mentioned: http://www.simonstl.com/dynhtml/update/code/chap6/lc1.html http://www.simonstl.com/dynhtml/update/code/chap6/lc2.html http://information.overlaid.com/stable/weasel/installation/java.html http://www.mozilla.org/quality/browser/front-end/testcases/oji/liveconnecttest.html "Java Applet.plugin" fails them all. Banking sites often use applets (signed or unsigned) whose functions are invoked from JavaScript. Postbank.nl is one of these. People who want to use Mozilla-family browsers with these sites (or in general to do any sort of LiveConnect) should use the "MRJ Plugin JEP" that comes with the Java Embedding Plugin, either by itself (which gives you Java 1.3.1) or together with JavaEmbeddingPlugin.bundle (which gives you Java 1.4.X). http://javaplugin.sourceforge.net/ Both parts of this package (JavaEmbeddingPlugin.bundle and MRJPlugin.plugin) are in beta, and no doubt still have bugs. If/when you find one, please use the project's Bugs tracker to report it. En"joy" :-) And thanks in advance!
Updated•18 years ago
|
Severity: blocker → major
Comment 13•18 years ago
|
||
-> default assignee for old netscape assigned bugs.
Assignee: beard → yuanyi21
QA Contact: winnie → zhayupeng
Comment 14•11 years ago
|
||
Mass-closing bugs in the "OJI" component: OJI plugin integration was replaced with npruntime long ago, and these bugs appear to be irrelevant now. If there is in fact a real bug that remains, please file it new in the "Core" product, component "Plug-ins".
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•