|
Quick Lists
|
|
Bug ID:
|
4822111
|
|
Votes
|
0
|
|
Synopsis
|
"Do not show this advisory again." option does not work as expected.
|
|
Category
|
javawebstart:app_mgr
|
|
Reported Against
|
1.2
|
|
Release Fixed
|
|
|
State
|
11-Closed,
Will Not Fix,
request for enhancement
|
|
Priority:
|
5-Very Low
|
|
Related Bugs
|
|
|
Submit Date
|
21-FEB-2003
|
|
Description
|
FULL PRODUCT VERSION :
1.4.1_01 (irrelevant)
A DESCRIPTION OF THE PROBLEM :
"Do not show this advisory again." option does not work as
I would expect or desire.
RFE: Please offer several advisory options either on the
file-open dialog itself or within webstart preferences,
such as
Do no show this advisory again
(1) ever.
(2) for this application only.
(3) for this application until it is restarted.
Or
Show this advisory
(1) for every file this application opens.
(2) for the first file this application opens each session.
(3) never again for this application.
(4) never again for any webstart application.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
(1) Launch Java Web Start
(2) Start Notepad App, Sun's example application (or, I suppose, any other
application which opens a file)
(3) Choose "Open" from Notepad's File menu
(4) Check "Do not show this advisory again." in the Security Advisory dialog.
(5) Click "Yes" or "No" to dismiss dialog
(6) Choose "Open" from Notepad's File menu. As expected, no Security
Advisory appears.
(7) Choose "Exit" from Notepad's File menu.
(8) Restart Notepad App
(9) Choose "Open" from Notepad's File menu.
The Security Advisory appears.
But I would have expected it to be suppressed forever, at least for Notepad
App.
If a user understands and allows Notepad App to use the FileOpenService
this morning,
wouldn't that user also want to allow it this afternoon too?
It seems that if "Do not show this advisory again." is checked,
then Web Start should persist the user's Yes/No choice for all future
launches of Notepad App.
EXPECTED VERSUS ACTUAL BEHAVIOR :
I would expect and prefer that the user choice to "Do not
show this advisory again." would persist into future
sessions with the same application.
I would expect and prefer a Webstart preference to suppress
the advisory across all applications forever.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER WORKAROUND :
User must do extra clicking (and worrying?) each session.
(Review ID: 181151)
======================================================================
|
|
Work Around
|
N/A
|
|
Evaluation
|
Discription requests 3 configurable meanings for "do not ask again" in SmartSecurityDialog.
1.) ever - this is unsecure and we cannot do, user wanting to give additional
permissions to one unsigned application cannot imply his permission to give
that permission to all xxxxx s.
2.) forever, for this app. - this would be possible to implement in a future
release, but we would have to consider possibility of user changing his
mind. (allowing him at least to switch to 3. below)
3.) for this instance of this application - this is what we have implemented
now.
/Andy
|
|
Comments
|
Submitted On 23-APR-2003
bobbing
Not sure I understand. Option 1--completely turning off
webstart's warning dialog--would not allow sandboxed apps to
freely pillage the file system. They would still need to
work through the FileOpenService, which keeps the user in
the loop, right?
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
