Bug ID: 7067943 Multiple Click for Self Signed Security Dialog

7067943 : Multiple Click for Self Signed Security Dialog

Details

Type:	Enhancement	Submit Date:	2011-07-16
Status:	Resolved	Updated Date:	2012-08-02
Project Name:	JDK	Resolved Date:	2011-12-19
Component:	deploy	OS:	windows_xp
Sub-Component:	deployment_toolkit	CPU:	x86
Priority:	P2
Resolution:	Fixed
Affected Versions:	6u23
Fixed Versions:	8

Related Reports

Backport:	JDK-2216937 - Multiple Click for Self Signed Security Dialog
Relates:	JDK-6982308 - Update security dialog designs to make the messaging clear

Sub Tasks

Description

Accepting Self Signed warning dialog should require multiple clicks.

This would be similar to install dialogs that require the user to explicitly acknowledge that they've read the terms of use or license agreement in order to continue.

Users should still have the option of always trusting that signature + location combination but for self-signed applications this option should be hidden either by a fold, or in a secondary window.

The user would have to select the checkbox to enable the "Run" option.

Clicking  "Show Options", either on the text or in the triangle next to it, would expand the window and show the option of always trasting apps signed with that certificate if they originate from the same location.

See this presentation on the need for this fix and proposed designs:
http://xdesign.us.oracle.com/projects/java/j2se/7/client/security/self_signed_security_dialogs_v4.pdf

Based on PRD item 
http://oracleplan.oracle.com/gotoEntity?entityType=FEATURE&entityId=666516

Comments

SUGGESTED FIX

Suggested release notes text:

The self-signed Security Warning dialog has been modified to include more direct language and now has an additional step required before the Run button is enabled. In addition, the "Always trust content from the publisher" checkbox has been placed under the "Show Options" heading. These changes are in accordance with RFE 7067943.

2012-08-02

EVALUATION

After discussion with UE team, we have agree to implement option #1 in UE design doc for JDK8.

2011-07-21

SUGGESTED FIX

See this presentation on the need for this fix and proposed designs:
http://xdesign.us.oracle.com/projects/java/j2se/7/client/security/self_signed_security_dialogs_v4.pdf

Also, this dialog was presented during the usability study in May 2011.  Results are here:
http://xdesign.us.oracle.com/projects/java/j2se/8/client/security/images/self-signed-dialog-update.png

2011-07-16

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together