[pve-devel] new vnc 1.2 works fine now with http://fqdn....

Dietmar Maurer dietmar at proxmox.com
Sun Apr 21 09:15:03 CEST 2013


> You miss the point. Once you accept a digitally signed applet from a specific
> source you have forever accepted any applet signed with this certificate
> regardless of the server sending it to you to run on your computer with full
> access. If the user also have answered yes to run this applet every time there will
> be no warning the next time an applet signed with the same certificate wants to
> run on the users computer regardless of the applets point of origin.

No, I do not miss the point. I do not say that this is particularly good,
but it is not really worse than an locally installed application with 'auto-update' feature.
I am always scared when I see what my printer driver software is doing ;-)

Besides, I do not understand why oracle choose such defaults. I guess it would
be much safer to only allow specific applets.



More information about the pve-devel mailing list