JAVA 2 JRE and Applets

From: Gil (gil_at_humbug.co.uk)
Date: 12/03/03 

Date: 3 Dec 2003 08:18:35 -0800

I'm going to come over as a bit of a newbie here, but I've been using
Java (mostly for applications, rather than applets) since 1997 and I'm
finding it hard to get to grips with what's going on.

Put simply, as a trivial example, here it is:

I have a very simple applet, built in an early javac at :
http://www.amazonsystems.co.uk/data/morn.htm

Up till recently, this has worked fine with all Windows (I haven't
tried Unix etc) versions of IE, Netscape and other common browsers
(presumably with Java 1 JREs). Since the advent of Java 2... I get a
variety of problems on various machines and browsers with JRE 1.3
onwards, such as Class not Found or Security Exception when accessing
via a proxy, all of which culminate in the extremely irritating status
message "notinited".

I would have expected a spot of forward compatibility, but I suppose
if what we're doing is improving security, then it's fair enough.

What isn't fair enough is that after a good deal of poking around in
Google groups, I haven't been able to find out what you do to make it
all work. Do I recompile the applets with a Java2 compiler, and if I
do will they still work with an old JRE as long as I don't use new
Java2 features? Do I have to find out (using Javascript or whatever)
what JRE is in the browser and nominate a different class for
different JRE generations? Is there a simple tweak that a Windows
user has to do to his options that gets round the proxy security
restriction? I've seen something for Linux, but not Windows.

If this is answered elsewhere, as it ought to be, then I'm happy just
to be redirected. On the other hand, I looked at the Sun site and
couldn't find the relevant data there.

TIA

Gil

Relevant Pages

  • [NT] Vulnerabilities in Microsofts Java implementation
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... found in the Java environment. ... Java Applets are not shown at all in mail messages; ... Native methods are pieces of ordinary machine language code contained by ...
    (Securiteam)
  • [NT] Vulnerabilities in Microsofts Java Environment (Additional details)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... found in the Java environment. ... Java Applets are not shown ... Native methods are pieces of ordinary machine language code contained by ...
    (Securiteam)
  • Re: java2
    ... Sun refuses to acknowledge that the security of a system can/will most likely be compromised due to elevation of privleges in java applets. ... Also, when a system is updated with the latest JRE to resolve security issues the older, vulnerable version is left behind. ... Sun claims that files in the older, vulnerable versions are replaced, thus mitigating any security issues and that the vulnerable versions can not be called by malicious coders. ...
    (microsoft.public.windowsupdate)
  • Re: java2
    ... Here's another security risk from Sun: ... Ghosts Of Java Haunt Users ... Also, when a system is updated with the latest JRE to resolve security issues the older, vulnerable version is left behind. ...
    (microsoft.public.windowsupdate)
  • Re: java2
    ... elevation of privleges in java applets. ... when a system is updated with the latest JRE to resolve security ... The latest version of the Java Runtime Environment (JRE) contains updates to previous ... Here's a list of vulnerabilities with Sun's java since June 29th ONLY: ...
    (microsoft.public.windowsupdate)