BQE Knowledgebase



Java has discovered application components that could indicate a security concern

Problem: While attempting to run Java-based applet or application, a security warning appears:
'Java has discovered application components that could indicate a security concern.’ This applies to: Java version 6.0 and 6 v19 +.

Cause: Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of the Java SE 6 Update 19 release, when a program contains both signed and unsigned components, a warning dialog is raised.
Solution: Referring to the mentioned warning, if the user clicks Yes, it blocks potentially unsafe components from running, and the program may terminate. If the user clicks the No button, the application or applet continues execution. Raising a warning is the default behavior, but there are options available for users to manage this situation.
Mixed Code Protection Options for Users: User can manage how mixed code programs are handled through the Java Control Panel. To access the Java Control Panel, go to Start menu, Control Panel and open the Java-Advanced-Security screen. Select the desired option:
Enable - show warning if needed: This is the default setting. When a potential security risk is encountered, a warning dialog opens.
Clicking Yes blocks potentially unsafe components from running and may terminate the program. When the user clicks No, the application or applet continues execution with protections (packages or resources that are later encountered with the same names but have different trust levels, i.e., signed vs. unsigned, will not be loaded). 
Enable - hide warning and run with protections: This option suppresses the warning dialog. The code executes as if the user had clicked No from the warning dialog. 
Enable - hide warning and don't run untrusted code: This option suppresses the warning dialog and behaves as if the user had clicked Yes from the warning dialog. 
Disable verification: This option is not recommended. It completely disables the software from checking for mixing trusted and untrusted code, leaving the user to run potentially unsafe code without protections.
Cause: Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of the Java SE 6 Update 19 release, when a program contains both signed and unsigned components, a warning dialog is raised.

Solution:
Referring to the mentioned warning, if the user clicks Yes, it blocks potentially unsafe components from running and the program may terminate. If the user clicks the No button, the application or applet continues execution. Raising a warning is the default behavior, but there are options available for users to manage this situation.

Mixed Code Protection Options for Users:
User can manage how mixed code programs are handled through the Java Control Panel. To access the Java Control Panel, go to the Start menu, Control Panel and open the Java-Advanced-Security screen. Select the desired option:

  • Enable - show warning if needed: This is the default setting. When a potential security risk is encountered, a warning dialog opens.
Clicking Yes blocks potentially unsafe components from running and may terminate the program. When the user clicks No, the application or applet continues execution with protections (packages or resources that are later encountered with the same names but have different trust levels, i.e., signed vs. unsigned, will not be loaded). 
  • Enable - hide warning and run with protections: This option suppresses the warning dialog. The code executes as if the user had clicked No from the warning dialog. 
  • Enable - hide warning and don't run untrusted code: This option suppresses the warning dialog and behaves as if the user had clicked Yes from the warning dialog. 
  • Disable verification: This option is not recommended. It completely disables the software from checking for mixed trusted and untrusted code, leaving the user to run potentially unsafe code without protection.


Related Articles

Attachments

No attachments were found.

Visitor Comments

Article Details

Last Updated
1st of October, 2013

Product
ArchiOffice 2010, 2011, EngineerOffice 2010, 2011

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF


User Opinions

100% thumbs up 0% thumbs down (2 votes)

How would you rate this answer?




Thank you for rating this answer.

Continue