Monday, January 26, 2015

Chasing Java 8

Last year brought multiple breaches in the security basement of middleware applications. While old systems still rely on weak protocols and compromised libraries modern versions of Java and browsers mushroom security restrictions. One of the latest – JRE 8 and Oracle Forms compatibility. Unlike JRE about Forms and code compatibility, it’s all about security enforcement. To minimize modifications on the user side you should meet the follow challenges:

  • JRE 8 has no “Medium” security level – All sources should be trusted and libraries signed. 
  • JRE 8 uses TLS 1.2 by default and does not download JAR libraries even from TLS 1.0 sources.
I have no Oracle Forms installed, however I use plain old Java Applet application, so configuration should be mostly the same. There are to many words for a single post so I had to split into parts:

I still have warnings mostly because I use non public Certificate Authority and have not implemented Online Certificate Status Protocol. You should be fine with any of big authorities.

Hope you it would be helpful.

No comments: