On Sun, Nov 25, 2012 at 7:57 PM, Gordon Messmer <yinyang(a)eburg.com> wrote:
Native code bundled and launched through JNLP is no more secure than
Active X. JNLP is in practice a huge security hole, and should be treated
as such.
You *authorize* it to run, and it features code signing. That is like
saying "installing a RPM is a huge security risk". Not if you know where it
comes from, authorize its install, and the code has been digitally signed.
FC