Today, Oracle plans to deliver a new Java CPU release, Oracle Java SE 7 Update 21 (Java SE 7u21), which will deliver new security features and remediation. Most significant is a strong recommendation that all Java applets and Web Start Applications using the Java plug-in to run in browsers should be signed with a trusted certificate for the best user experience.
 |
Application code signing provides numerous security benefits to users. Java supports code signing, and now Java SE 7u21 introduces changes to security levels on the security slider within the Java Control Panel. Specifically, all Java code executed within the client’s browser will prompt the user. The type of dialog messages the user sees depends upon the risk factors.
- Low-risk scenarios present a very minimal dialog and include a checkbox to not display similar dialogs by the same vendor in the future.
- Higher risk scenarios, such as running unsigned jars, will require more user interaction given the increased risk.
The Java Applet & Web Start - Code Signing is encouraged for all customers to adopt.
Java Applet & Web Start - Code Signing (Oracle Technology Network FAQ)
Java Content in the Browser — Application Publisher Security Messages (Java.com FAQ)
- What Should I Do When I See a Security Prompt from Java? (Java.com FAQ)