While attempting to run Java-based applet or application, a security warning appears:
'Java has discovered application components that could indicate a security concern.’ This applies to: Java version 6.0 and 6 v19 +.
Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of the Java SE 6 Update 19 release, when a program contains both signed and unsigned components, a warning dialog is raised.
Referring to the mentioned warning, if the user clicks Yes, it blocks potentially unsafe components from running and the program may terminate. If the user clicks the No button, the application or applet continues execution. Raising a warning is the default behavior, but there are options available for users to manage this situation.
Mixed Code Protection Options for Users: User can manage how mixed code programs are handled through the Java Control Panel. To access the Java Control Panel, go to the Start menu, Control Panel and open the Java-Advanced-Security screen. Select the desired option:
- Enable - show warning if needed: This is the default setting. When a potential security risk is encountered, a warning dialog opens.
Clicking Yes blocks potentially unsafe components from running and may terminate the program. When the user clicks No, the application or applet continues execution with protections (packages or resources that are later encountered with the same names but have different trust levels, i.e., signed vs. unsigned, will not be loaded).
- Enable - hide warning and run with protections: This option suppresses the warning dialog. The code executes as if the user had clicked No from the warning dialog.
- Enable - hide warning and don't run untrusted code: This option suppresses the warning dialog and behaves as if the user had clicked Yes from the warning dialog.
- Disable verification: This option is not recommended. It completely disables the software from checking for mixed trusted and untrusted code, leaving the user to run potentially unsafe code without protection.