2

Regarding the Java 0-day exploit I'd like to configure the Java Runtime such that it only executes signed applets, preferably such that I either

  • define a whilelist of certificates I allow
  • define allowed root certificates
  • prevent at least unsigned/untrusted applets from starting at all

How can I configure that?

Thanks

Marki

Improve this question
5
  • Have you considered just disabling Java in your browser completely?
    – Daniel Beck
    Commented Aug 30, 2012 at 15:39
  • 1
    @DanielBeck: It's not always an option, unfortunately.
    – grawity_u1686
    Commented Aug 30, 2012 at 15:51
  • @grawity Yes, but if Java isn't required for particular applications or uses, it's the best option.
    – Daniel Beck
    Commented Aug 30, 2012 at 15:54
  • 1
    Opera will let you disable Java, but enable it on a case-by-case basis.
    – dotancohen
    Commented Aug 30, 2012 at 17:48
  • Java IS required on the internal network for some apps. I don't want it to run stuff from the Internet.
    – Marki
    Commented Aug 30, 2012 at 20:14

1 Answer 1

Reset to default
0

What you want to achieve is mostly not impossible but very difficult as you have to modify the used JRE.

Therefore an easier approach is to use Java only on Internet pages you trust. This can be done e.g. in Firefox in combination with NoScript add-on. NoScript disables by default all plugins - they are only shown if the users enables the domain temporary or permanent.

Improve this answer
7
  • 1
    The problem with NoScript is that it disables JavaSCRIPT together with the rest. I don't want to lose Javascript. I want to disable Java on SOME sites. By site, by certificate or whatever. Doing that seems to be an impossible task.
    – Marki
    Commented Aug 30, 2012 at 20:13
  • In the default configuration, yes. But you can configure NoScript to block only plugin objects.
    – Robert
    Commented Aug 31, 2012 at 7:14
  • Ok, and how? I've seen this forum post: forums.informaction.com/viewtopic.php?f=7&t=9502 However it doesn't seem to really work for everyone.
    – Marki
    Commented Aug 31, 2012 at 7:52
  • In the configuration enable scripts globally and only disable the Java plugin.
    – Robert
    Commented Aug 31, 2012 at 11:14
  • Didn't I say that it needs to work for some sites?
    – Marki
    Commented Aug 31, 2012 at 16:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .