Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java Update Implements Whitelists To Combat 0-Day Hacks

Posted by timothy on from the let's-see-your-invitation dept.

kylus writes "The Register is reporting that Oracle's new Java 7 update 40 release comes complete with a new 'Deployment Rule Set' capability which allows administrators to define which particular applets and Java Web Start applications ('Rich Internet Applications') are permitted to run on a given machine. Not a complete solution for the recent trend of Java hacks that have cropped up, but good news for enterprises that have to run this in their environment." Update: 09/19 20:08 GMT by U L : There's an introduction to deploying rule sets on the Java platform group weblog too.

2 of 55 comments (clear)

  1. About time by benjfowler · · Score: 5, Insightful

    Like it or not, a lot of crap line-of-business/enterprise software still uses old, hacked-together garbage applets, and they need to be supported.

    There's quite a few games out there written as applets too (e.g. Minecraft, the Jin Chess Client), and speaking for myself, I want to run one or two of them without feeling like I'm holidaying in Baghdad.

  2. Re:pointless by h4rr4r · · Score: 5, Insightful

    No everyone has not. There are a great many enterprise apps that companies rely on that need this. Normal users will not know to turn it on, nor to turn it off.