<br><br><div class="gmail_quote">On Sun, Nov 25, 2012 at 7:57 PM, Gordon Messmer <span dir="ltr"><<a href="mailto:yinyang@eburg.com" target="_blank">yinyang@eburg.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div id=":2to">Native code bundled and launched through JNLP is no more secure than Active X. JNLP is in practice a huge security hole, and should be treated as such.<div class="yj6qo ajU"><div id=":2ym" class="ajR" tabindex="0">
<img class="ajT" src="https://mail.google.com/mail/u/0/images/cleardot.gif"></div></div></div></blockquote></div><br>You *authorize* it to run, and it features code signing. That is like saying "installing a RPM is a huge security risk". Not if you know where it comes from, authorize its install, and the code has been digitally signed.<br>
<br>FC<br>