Using Java Applets vs. Java Web Start Technology for Remote Access

Posted by Ming Jan Sam Wed, 07 Aug 2013 11:36:00 GMT

The security of sensitive company resources is, of course, one of the highest priorities within companies. However, companies also cannot avoid using remote access solutions that let employees work in a mobile environment, anywhere and anytime. This trend creates the need for secure remote access solutions that meet both needs: security and flexibility.

Since most SSL VPNs are based on Java technology, companies are currently struggling with the recent security alerts about vulnerabilities in Java. Some Internet browsers have even automatically disabled Java until the security gaps have been closed.

But there are ways to cope with this challenge without completely dismissing Java-based solutions. In the following, we explain why Java Web Start is far less vulnerable than Java applets and is therefore strongly recommended for secure remote access.

The Java Runtime Environment is the same for Java applets, Java Web Start and locally running applications (like Eclipse).

However, Java applets can run in the background (hidden from the user). This means a Java applet can be embedded in any website and is executed by the browser and the Java plugin when the site is loaded.

This is usually no problem as long as the security mechanism of Java has no vulnerabilities. However, no software is perfect, and such problems can occur in plugins like Java or Adobe Flash, or in JavaScript in the browser itself.

One security principle is to inform the user that a specific piece of code is being executed on the client system and to identify where the code comes from (signatures).

Java does the same for Java applets, with the exception that unsigned Java applets are automatically executed within a sandbox. This works well as long as the sandbox is secure.

The difference with Java Web Start is that the code is executed outside the browser and can only be executed if the user confirms it and the code is signed.

Java applets can then be disabled in the browser. The Java Web Start application does run with the same access rights as any other locally installed application.

The advantage of Java Web Start is that it always updates the code from the web server, as is done with Java applets.
