Java run ONLY certain signed applets

2

1

Regarding the Java 0-day exploit I'd like to configure the Java Runtime such that it only executes signed applets, preferably such that I either

  • define a whilelist of certificates I allow
  • define allowed root certificates
  • prevent at least unsigned/untrusted applets from starting at all

How can I configure that?

Thanks

Marki

Marki

Posted 2012-08-30T15:35:11.333

Reputation: 572

Have you considered just disabling Java in your browser completely? – Daniel Beck – 2012-08-30T15:39:42.000

1@DanielBeck: It's not always an option, unfortunately. – user1686 – 2012-08-30T15:51:35.693

@grawity Yes, but if Java isn't required for particular applications or uses, it's the best option. – Daniel Beck – 2012-08-30T15:54:38.923

1Opera will let you disable Java, but enable it on a case-by-case basis. – dotancohen – 2012-08-30T17:48:53.793

Java IS required on the internal network for some apps. I don't want it to run stuff from the Internet. – Marki – 2012-08-30T20:14:58.090

Answers

0

What you want to achieve is mostly not impossible but very difficult as you have to modify the used JRE.

Therefore an easier approach is to use Java only on Internet pages you trust. This can be done e.g. in Firefox in combination with NoScript add-on. NoScript disables by default all plugins - they are only shown if the users enables the domain temporary or permanent.

Robert

Posted 2012-08-30T15:35:11.333

Reputation: 4 857

1The problem with NoScript is that it disables JavaSCRIPT together with the rest. I don't want to lose Javascript. I want to disable Java on SOME sites. By site, by certificate or whatever. Doing that seems to be an impossible task. – Marki – 2012-08-30T20:13:49.030

In the default configuration, yes. But you can configure NoScript to block only plugin objects. – Robert – 2012-08-31T07:14:08.083

Ok, and how? I've seen this forum post: http://forums.informaction.com/viewtopic.php?f=7&t=9502 However it doesn't seem to really work for everyone.

– Marki – 2012-08-31T07:52:40.920

In the configuration enable scripts globally and only disable the Java plugin. – Robert – 2012-08-31T11:14:20.123

Didn't I say that it needs to work for some sites? – Marki – 2012-08-31T16:54:04.830

I was talking about the base configuration. Furthermore you can disable NoScript completely for selected sites. Hence you have JavaScript working on all sites and Java working only on selective sites. Didi I miss anything? – Robert – 2012-08-31T17:49:20.520

Well, yeah, actual instructions on how to really accomplish that using NoScript. – Marki – 2012-09-03T20:27:38.777

Asked: 2012-08-30T15:35:11.333

Viewed: 214 times

Active: 2012-08-30T17:05:58.483