[pve-devel] new vnc 1.2 works fine now with http://fqdn....

Alexandre DERUMIER aderumier at odiso.com
Sat Apr 20 17:43:21 CEST 2013


Works fine here too ! Thanks !


----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Samedi 20 Avril 2013 16:14:28 
Objet: RE: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 

Hi Alexandre, 

that really solved the problem - please can you verify: 

https://git.proxmox.com/?p=vncterm.git;a=summary 

Many thanks for finding this! 

Besides, I still do not understand how that improves security. 

> -----Original Message----- 
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com] 
> Sent: Samstag, 20. April 2013 09:03 
> To: Dietmar Maurer 
> Cc: pve-devel at pve.proxmox.com 
> Subject: Re: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 
> 
> If I understand, it seem that the problem is that we interact from extjs javascript 
> (unsigned code) with vnc java console (signed code). 
> 
> Maybe adding "Trusted-Library: true " to VncViewer.jar manifest.mf could help ? 
> 
> 
> ----- Mail original ----- 
> 
> De: "Alexandre DERUMIER" <aderumier at odiso.com> 
> À: "Dietmar Maurer" <dietmar at proxmox.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Samedi 20 Avril 2013 08:56:29 
> Objet: Re: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 
> 
> I found this on the net: 
> 
> " 
> Java 7 Update 21 was released on April 16 2013 and caused our applet to start 
> showing this warning dialog. 
> 
> Per the release notes: As of JDK 7u21, JavaScript code that calls code within a 
> privileged applet is treated as mixed code and warning dialogs are raised if the 
> signed JAR files are not tagged with the Trusted-Library attribute. 
> 
> To fix this edit your manifest.mf file and add a line like this: 
> 
> Trusted-Library: true 
> You should be very careful before doing this though. If your signed applet can be 
> called from javascript then a malicious user can potentially do harmful things on 
> your users' computers. 
> 
> One quick way to secure your applet is to prevent it from being run on other 
> websites. Do this by putting code in the init() method that looks at 
> getCodeBase().getHost() and throws an exception if it does not match your site. 
> " 
> 
> ----- Mail original ----- 
> 
> De: "Dietmar Maurer" <dietmar at proxmox.com> 
> À: "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Vendredi 19 Avril 2013 18:10:12 
> Objet: RE: [pve-devel] new vnc 1.2 works fine now with http://fqdn.... 
> 
> > Oops, sorry, It's work fine after unblock, my vm was not started ;) 
> > 
> > Don't known why all the code is not signed.... 
> 
> Our Applet is signed, but seem that oracle does not like our certificate. 
> You can even install the CA as trusted CA, does not help. 
> 
> But you can set java "Mixed Code" option to 
> 
> "hide warning and run with protections" 
> 
> IMHO, oracle does not really know what they do. 
> I mean, if a user wants to trust in something , why does he need to answer that 
> question again and again? 
> 
> And why is the code mixed? (I sign the whole applet?) 
> 
> Any insights are welcome. 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 


More information about the pve-devel mailing list