Am 13.05.2013 20:34, schrieb Bill Davidsen: > Fernando Cassia wrote: >> On Fri, May 3, 2013 at 6:09 PM, Reindl Harald <h.rei...@thelounge.net> wrote: >>> do NOT install it if you are not really use it! >> >> I could be wrong, but I believe the current OpenJDK and Icedtea-web >> approach is NOT to run unsigned applets by default, and modern >> browsers (ie Mozilla's Firefox) now feature CLICK TO RUN on all >> plug-in content. >> >> So, while I know by now -due to your repetition at every opportunity- >> that you hate applets, that advice is not needed anymore. There's no >> way code could run if you do not click-enable the plugin in the >> browser + grant permission on a per-site basis in the plugin's own >> dialogs. >> > What does it matter if he hate applets? His advice is good on this particular > topic, forcing the user to be aware > of the security issues and make good decisions about what to run is a bad > thing, too many people follow the "you > have to click this stupid warning before you can run the neat _steal all my > data_ game" approach
and the "There's no way code could run" attitude is naive there maybe in the future *a exploit* for the plugin itself leading to execute code *before* you have anything to click in case of security there is only one thumb rule: do not install and/or enable *anything* you do not *really* need and use, what is not there can not be affected by a security hole
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
