Download - Why Are Java Applications Blocked by Your Security Settings

Transcript
Page 1: Why Are Java Applications Blocked by Your Security Settings


Why are Java applications blocked by your security settings with the latest Java?

This article applies to:

Java version(s): 7.0

SYMPTOMS

Starting with Java 7 Update 51, trying to run Java applications generates messages:

Java applications are blocked by your security settings.

Missing Application-Name manifest attribute

Missing required Permissions manifest attribute in main jar

CAUSE

Java has further enhanced security to make the user's system less vulnerable to external exploits. Starting with Java 7 Update 51, Java does not allow users to run applications that are not signed (unsigned), that are self-signed (not signed by a trusted authority), or that are missing permission attributes.

Risks involved in running applications

Unsigned application

An application without a certificate (i.e. an unsigned app), or one missing Application Name and Publisher information, is blocked by default. Running this kind of application is potentially unsafe and presents a higher level of risk.

Self-signed application (Certificate not from trusted authority)

An application with a self-signed certificate is blocked by default. Applications of this type present the highest level of risk because the publisher is not identified and the application may be granted access to personal data on your computer.

JAR file missing Permissions attribute

The Permissions attribute verifies that the application requests the permission level that the developer specified. If this attribute is not present, it might be possible for an attacker to exploit a user by re-deploying an application that is signed with the original certificate and running the application at a different privilege level.
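For a developer or administrator triaging a blocked JAR, the conditions described above can be checked offline. The script below is an added example, not Oracle's code: the function names and sample manifests are constructed for illustration, and the accepted Permissions values (`sandbox`, `all-permissions`) come from Oracle's JAR manifest documentation rather than from this page. It only detects whether signature files are present, so it cannot tell a self-signed certificate from one issued by a trusted authority.

```python
import io
import zipfile
SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")   # signature block file extensions
VALID_PERMISSIONS = {"sandbox", "all-permissions"}

def main_attributes(manifest_text):
    """Parse the main section of MANIFEST.MF into {lowercased name: value}."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line.strip():
            break                          # blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]        # continuation of a wrapped value
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()    # attribute names are case-insensitive
            attrs[last] = value.strip()
    return attrs

def check_jar(jar):
    """List blocking conditions; signature check is presence-only (no validation)."""
    findings = []
    with zipfile.ZipFile(jar) as zf:       # accepts a path or a file object
        meta = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
        has = lambda ext: any(n.endswith(ext) for n in meta)
        if not (has(".SF") and has(SIG_BLOCK_EXT)):
            findings.append("unsigned")
        if "META-INF/MANIFEST.MF" not in zf.namelist():
            return findings + ["no manifest"]
        attrs = main_attributes(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    if "application-name" not in attrs:
        findings.append("missing Application-Name")
    perm = attrs.get("permissions", "<absent>")
    if perm not in VALID_PERMISSIONS:
        findings.append("bad or missing Permissions: " + perm)
    return findings

def build_jar(manifest, signed=False):
    """Build a constructed sample JAR in memory (signature entries are dummies)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:
            zf.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\r\n")
            zf.writestr("META-INF/SAMPLE.RSA", b"\x00")
    return buf

if __name__ == "__main__":
    print(check_jar(build_jar("Manifest-Version: 1.0\r\n\r\n")))
```

An empty list means none of the checked conditions was found; it does not confirm that the signature is valid or chains to a trusted authority.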


SOLUTION

The application that you are running is blocked because the application does not comply with security guidelines implemented in Java 7 Update 51.

Contact the developer or publisher of this application and let them know about the application being blocked. You can refer them to these links, which provide information about implementing secure practices in the code for the application.

JAR File Manifest Attributes for Security (http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html)

Java SE 7 Security Documentation (http://docs.oracle.com/javase/7/docs/technotes/guides/security/)

Secure Coding Guidelines for the Java Programming Language, Version 4.0 (http://www.oracle.com/technetwork/java/seccodeguide-139067.html)

WORKAROUND

It is highly recommended not to run these types of applications. However, if you still want to run these apps, run them only if you understand the risks and implications.

As a workaround, you can use the Exception Site list feature to run the applications blocked by security settings. Adding the URL of the blocked application to the Exception Site list allows it to run with some warnings.

Steps to Add URLs to the Exception Site list

Go to the Java Control Panel (on Windows, click Start and then Configure Java)

Click on the Security tab

Click on the Edit Site List button

Click Add in the Exception Site List window

Click in the empty field under the Location field to enter the URL

Example: http://www.example.com

(URL should begin with http:// or https://)

If the URL where the applet is hosted is different from the URL of the web page from which the applet is launched, then you will need to add both the URL for the applet as well as the URL for the web page.

Example with different URLs for the applet and the web page

For Yahoo games Checkers, you would enter both URLs (the URLs listed can be different depending on which host is serving the game):

1. http://www.games.yahoo.com
This is the URL for the Yahoo games domain.

2. http://yog36.games.sp2.yahoo.com
This is the URL where the game is hosted and shown in the dialog box for the blocked application.

Click OK to save the URL that you entered

Click Continue on the Security Warning dialog

Applications where this issue has been reported

Yahoo Games

Ebay and Paypal Shipping Label

USAA

Etrade Marketcaster
