This was brought up here when I mentioned making an oekaki plugin for Wedge's image gallery when they release in open beta.  One of the co-devs said Java in and of itself is a security risk.  Coupled with the fact that PaintBBS and Shi-Painter are old and haven't been updated, I wondered if this might be true?

Are the applets at risk to attackers?  And what is your opinion on Java in general?


People worrying about Java has been going on since forever.  Java is just like any other piece of networked software, where every now and then a security hole is found, and the company releases a patch to fix it.  So long as you regularly update Java, it won't pose any more of a risk than the web browser itself.  If your system is set up with a "normal" install of Java, it will automatically update itself every few weeks or so.

The reason why everyone is getting edgy about Java security is because Adobe Flash has had multiple security issues in the past, and now people are getting paranoid about all web browser plug-ins.  It doesn't help that the developers of Firefox are usually blaming problems with their web browser on bad plug-ins instead of admitting that Firefox itself has issues.  Java itself has a good track record as far as security is concerned, and doesn't really pose a risk.

As for the oekaki applets, they are just applications.  The concern about Java security stems from malicious web sites running their own [evil] Java applets on your computer, rather than trying to exploit or hijack other applets, like the oekaki applets.

Of course, I'm talking about security problems on the client end.  That thread you mentioned seems to be worrying about security on the server end, and Java simply does not pose a security risk there.  The only problem is when data is being received from a Java applet and isn't being filtered correctly before it is saved on the server.  If Java can break the server, then there is something wrong with the server itself and banishing Java will accomplish nothing.
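
The server-side filtering mentioned in the reply above, as an added example that is not part of the original thread: a structural check run on an upload before it is saved. It assumes the applet posts the drawing as a PNG body; the size and dimension limits and every function name here are made up for illustration, and the check validates chunk structure only, without decoding pixels.

```python
import secrets, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_BYTES = 2 * 1024 * 1024  # assumed upload cap
MAX_SIDE = 2000              # assumed largest canvas side, in pixels

class RejectedUpload(ValueError):
    """Raised when the posted body is not an acceptable PNG."""

def validate_png_upload(body: bytes) -> str:
    """Check PNG structure; return a server-chosen filename or raise."""
    if len(body) > MAX_BYTES:
        raise RejectedUpload("too large")
    if not body.startswith(PNG_SIG):
        raise RejectedUpload("not a PNG")
    pos, first, seen_end = len(PNG_SIG), True, False
    while pos < len(body):
        if seen_end:
            raise RejectedUpload("data after IEND")
        if pos + 12 > len(body):
            raise RejectedUpload("truncated chunk")
        length, ctype = struct.unpack(">I4s", body[pos:pos + 8])
        end = pos + 12 + length
        if end > len(body):
            raise RejectedUpload("truncated chunk")
        data = body[pos + 8:end - 4]
        if zlib.crc32(ctype + data) != struct.unpack(">I", body[end - 4:end])[0]:
            raise RejectedUpload("bad CRC")
        if first:  # the first chunk must be a 13-byte IHDR
            if ctype != b"IHDR" or length != 13:
                raise RejectedUpload("missing IHDR")
            width, height = struct.unpack(">II", data[:8])
            if not (1 <= width <= MAX_SIDE and 1 <= height <= MAX_SIDE):
                raise RejectedUpload("bad dimensions")
            first = False
        seen_end = ctype == b"IEND"
        pos = end
    if not seen_end:
        raise RejectedUpload("missing IEND")
    # Never reuse a client-supplied name or extension.
    return secrets.token_hex(16) + ".png"

def make_sample_png(width: int, height: int) -> bytes:
    """Constructed test input: a blank grayscale PNG."""
    def chunk(ctype, data):
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress((b"\x00" + b"\x00" * width) * height)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
```

Anything that fails the check is dropped rather than written to disk, and the stored name never comes from the request.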


Thank you for your reply, Waccoon.  I feel the same way but didn't want to step on toes over there.

But that's not the point; anyway... I have DreamHost, so I HIGHLY doubt I will have a problem server-side, so I will still start development when I get the Wedge codebase.

