[ImageJ-devel] What about this huge Java security issue?? How do we keep ImageJ users both safe and satisfied with a Java platform?

Curtis Rueden ctrueden at wisc.edu
Fri Jan 11 14:29:08 CST 2013


Hi Bill,

> What about this huge Java security issue?

Please send a link, so we know which one you're talking about.

If you are talking about the series of highly publicized applet
vulnerabilities that have been reported since last fall [1], they only
apply to applets. Running ImageJ as a desktop application, which is what
most of us do, already grants permission for ImageJ to act on your behalf.
In other words, desktop applications typically run with all permissions of
the user (though that is no longer true on mobile platforms, which have
more granular permissions systems).

Note that the exploits being reported work by attackers crafting a special
applet that escapes the Java sandbox to install malware. Running ImageJ as
an applet from a trusted web site poses no issue. You can use a tool such
as NoScript [2] to allow only specific trusted sites such as
imagej.nih.govto run Java applets.

Regards,
Curtis

[1]
http://www.reuters.com/article/2013/01/11/us-java-security-idUSBRE90A0S320130111
[2] http://noscript.net/


On Fri, Jan 11, 2013 at 2:15 PM, Mohler,William <WMohler at neuron.uchc.edu>wrote:

>
> Sent from my Verizon Wireless 4G LTE DROID
> _______________________________________________
> ImageJ-devel mailing list
> ImageJ-devel at imagej.net
> http://imagej.net/mailman/listinfo/imagej-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://imagej.net/pipermail/imagej-devel/attachments/20130111/790f7305/attachment.html>


More information about the ImageJ-devel mailing list