6 min to read
Java Web Applets
Java-run applications embeeded into the browser, also known as Java Web Applets.
Part 1 | Introduction | What are Java Applets and why do they exist?
Part 2 | In which scenarios where Java Applets used? | An in-depth look.
Part 3 | The bad security implications when it came to using Java Applets | A security nightmare.
While being useful for running complicated applications which are limited by usual web browser technologies, Java applets over time have raised a lot of security concerns. Java applets on your computer are powered by having Java installed on your computer which would be utilised by a Java plugin in your web browser which would overall allow them to communicate with each other and well, work. When these applications are being powered, the Java plugin and installation on your computer would create a sandboxed environment for the application to run in, also called a Java Virtual Machine (JVM) - Great, security peace in mind, no issues here. Well only if this was a perfect world. In these environments, malicous applications that seem safe can use vulnerabilities in the environment to escape the sandbox and this is bad news for anyone who keeps personal information on their computer or one of the many technical illiterate people who exist. When the application escapes the sandbox, it opens up a whole range of artillery and since the application has whole access to your computer, there is very little to stop it from doing damage to important system files or to stop it from sending all of your personal files and data to an external server since it, well, has access to it. This is a problem; Applications which are deemed safe by the user and websites can include malicous code which can do actions as listed above and can do so without any notification. Oracle, the company which owns Java frequently updated Java to patch these issues, but let’s all be honest, who updated Java? The odd day when you would get the “Java needs to update” notification balloon and the “Later” button would be abused to the point where you might as well call it a “Never remind be again” button, even if it did not exist. I was like that too, I never updated Java unless I reinstalled Windows on the odd time and reinstalled Java while I’m at it, concluding Java applets.
Part 4 | A brief look into the advantages and disadvantages | The conclusion
Overall, while being useful which has been proven by the test of time and powerful enough to run high power game demos in the browser or run complicated calculations for scientific research, Java applets turned out to not be worth the risk of security. Even though before Java applets had been completely phased out of the internet, Oracle did try their best to improve security, such as needing to accept clear security prompts for small things but it all did not work in the end and in a Java update which was released in September of 2018, support for applets was completely dropped, and for all of the good reasons. At the moment, we are currently seeing a similar thing happen with Flash player applications and while contrary to Java, Flash Player didn’t have many scenarios for usefulness or power demanding applications, they did have one purpose; To entertain kids born in the late 90s and early 2000s with sites such as Kongregate and Miniclip which still exist to this day. More information about Flash Games can be read in this HackDown article: Flash Games
Written by Java2107