@perlguy Much appreciated report; thanks. Good to know how things are
working in Linux.
@ all
I am no Java security expert, but have been spending several days
researching (and banging my head on the desk!). Today -- after many hours
of fruitless work -- I decided to change my system policy file in a last
ditch attempt to get 1.7.0_45 to work on my current set-up (WIndows 7,
testing with portableapps.com Chrome and Opera, latest versions). Before
this I was using the policy file location reported by the Java console and
it worked until the last update to 45; I was not able to get TiddlySaver to
work using the published user locations since update 25 (IIRC).
It is now working in both browsers with TW 2.6.5 and 2.8.1 (only versions
I've tested) using the permissions I suggested earlier added to the end of
the system policy file. Actually, I've made one change others might not
want to use. I keep the various TW versions in separate directories below
the TW directory (not the one shown here, but similar) and don't want to
have a new permission for each directory. I've changed the 'grant' to the
one shown below. This means that any Java code in 'C:\TW' and its
subdirectories will be run, not just TiddlySaver, but for me this is not an
issue (YMMV).
grant codeBase "file:C:/tw/-" {
permission java.io.FilePermission "C:${/}tw", "read, write";
permission java.io.FilePermission "C:${/}tw${/}-", "read, write";
};
Obviously this is less than ideal as it requires administrator approval,
but I hope this helps a bit (as mentioned, I don't personally use the Java
functionality).
(For anyone else using portableApps, it turns out that Chrome uses the
Windows policy file while Opera uses the PortableApps java (CommonFiles)
policy file. Actually, my portable Java install is not up to date, so Opera
is only using update 15; I will post again if Opera doesn't work after I
update the portable Java install to 1.7.0_45.)
The latest update will apparently also necessitate changes to the
TiddlySaver.jar manifest file before it works properly as a signed jar (and
will then hopefully also survive future Oracle attacks), but I need to
research this more when I have time. My guess is that this is also why the
latest update is failing.
Hopefully a signed jar that works with updated policy files in current Java
versions, and with old policy files pre-45, will be available in the next
few weeks.
As always, I'd be grateful for any feedback, and/or pointers from Java
security nerds.
Cheers, Paul.
--
You received this message because you are subscribed to the Google Groups
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/tiddlywiki.
For more options, visit https://groups.google.com/groups/opt_out.
