<div dir="ltr">Hi Bill,<div><br></div><div style>> What about this huge Java security issue?</div><div style><br></div><div style>Please send a link, so we know which one you're talking about.</div><div style><br></div>
<div style>If you are talking about the series of highly publicized applet vulnerabilities that have been reported since last fall [1], they only apply to applets. Running ImageJ as a desktop application, which is what most of us do, already grants permission for ImageJ to act on your behalf. In other words, desktop applications typically run with all permissions of the user (though that is no longer true on mobile platforms, which have more granular permissions systems).</div>
<div style><br></div><div style>Note that the exploits being reported work by attackers crafting a special applet that escapes the Java sandbox to install malware. Running ImageJ as an applet from a trusted web site poses no issue. You can use a tool such as NoScript [2] to allow only specific trusted sites such as <a href="http://imagej.nih.gov">imagej.nih.gov</a> to run Java applets.</div>
<div style><br></div><div style>Regards,</div><div style>Curtis</div><div style><br></div><div style>[1] <a href="http://www.reuters.com/article/2013/01/11/us-java-security-idUSBRE90A0S320130111">http://www.reuters.com/article/2013/01/11/us-java-security-idUSBRE90A0S320130111</a></div>
<div style>[2] <a href="http://noscript.net/">http://noscript.net/</a></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 11, 2013 at 2:15 PM, Mohler,William <span dir="ltr"><<a href="mailto:WMohler@neuron.uchc.edu" target="_blank">WMohler@neuron.uchc.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Sent from my Verizon Wireless 4G LTE DROID<br>
_______________________________________________<br>
ImageJ-devel mailing list<br>
<a href="mailto:ImageJ-devel@imagej.net">ImageJ-devel@imagej.net</a><br>
<a href="http://imagej.net/mailman/listinfo/imagej-devel" target="_blank">http://imagej.net/mailman/listinfo/imagej-devel</a><br>
</blockquote></div><br></div>