Posted by bghandras on 2014-05-07 11:05:12
I was told this poses some security risk. Not sure why, but if there is any IT expert, then please elaborate.
Posted by Garion on 2014-05-07 11:11:59
interesting, that would be good to know.
Posted by the_Sage on 2014-05-07 11:16:06
I was told this too; do not recall by whom. I did do this trick, and found it very helpful =)
Posted by Overhamsteren on 2014-05-07 12:04:51
Copy'n'Paste dat RAGE!!!
Posted by Christer on 2014-05-07 16:33:16
What this does is that it allows any Java application to access your system clipboard, meaning a java application has the ability to see everything you copy/paste.
The security risk is that you may have a document where you store your various passwords for all sorts of websites (banking, email, etc). Because you are security aware, these passwords are long and gnarly. You're also very efficient in nature and don't want to waste time by retyping these passwords into your web browser, so you have a habit of copy/pasting the passwords from your document into the site password field.
Now, with this policy change you just did, a malicious java applet (which could be a banner ad in another browser window or another browser entirely) will have the ability to access that password you just copied.
Now, this isn't very far fetched either, and it's quite possible that there are malicious applets out there that do just this. So if you decide to go ahead with the policy change, be aware that there is a real security risk in doing so and act accordingly. One example could be to make sure that no Java applets are allowed to run in your browser (which you should do regardless), for example by disabling the java extension in your browser of choice.
Posted by mrt1212 on 2014-05-07 17:45:05
Christer knows whats up with secuirity.
Posted by Jeffro on 2014-05-07 18:04:39
Rated 6 for Christer Latin' down some knowledgez.
Posted by bobafettsmum on 2014-05-07 18:47:16
I looked at the instructions and decided this is too much hassle anyway. No security risk for me!!! :-D
Posted by Balle2000 on 2014-05-07 19:51:34
What happens in Vegas, stays in Vegas. And Blood Bowl. So don't copy and tell.
Posted by Wreckage on 2014-05-08 18:45:37
These days java is deactivated on default in most browsers. Whenever there is a java application you have to actually click it for it to run.
I don't really see how a banner could circumvent or even work like this.
My question would be if there is some way for a malicious java tool to circumvent this?