1 |
I admit that Oracle finally did something right by requiring a white-list |
2 |
of all java websites you want to use, but it's taken me all morning to |
3 |
understand how to do it. |
4 |
|
5 |
AFAICT, the only way to white-list a website is to use the Java Control |
6 |
Panel (jcontrol) and type the full URL including the http:// or preferably |
7 |
the https:// if you don't want a nag screen. |
8 |
|
9 |
For example, here's a site I visit every morning: |
10 |
|
11 |
http://www.goes.noaa.gov/goes-w.html which lets me watch a java-powered |
12 |
image loop of the weather over the Pacific Ocean. |
13 |
|
14 |
Now I click on the button to animate the image, and I get a pop-up saying |
15 |
that this untrusted website wants to do something awful and refuses to let |
16 |
it run java, period. No explanation of how I can 'trust' the website. |
17 |
|
18 |
How many people are going to figure out they need to run the Java Control |
19 |
Panel and manually add this site to the list of trusted sites? |
20 |
|
21 |
And, now that I've added "http://www.goes.noaa.gov" manually, I try the |
22 |
site again. |
23 |
|
24 |
Nope. The jar file I need is on a "different domain" (www.sdd.noaa.gov) |
25 |
so now I need to add that URL to the white list <sigh> including http:// |
26 |
|
27 |
Now, I agree that they did it right from a security point of view, but |
28 |
jeez, they could have done the user interface a bit better. |
29 |
|
30 |
Or maybe they did it better and I haven't found it yet? |