Page MenuHomePhabricator
Create Task
Maniphest T62287

sign cortado applet so that it works for people with outdated java
Closed, InvalidPublic
Actions

Description

So I was testing timedmediahandler on computers at my university (I figure they represent a fairly common config).

On MSIE:
*I hit play button on an audio file
*Goes to java cortado fallback as it should
*Prompt comes up saying my java is out-dated
*I click continue anyways
*Pop up says applet is blocked by your security settings (My security setting is "high" which is the default. Apparently this blocks all unsigned java applets when you need an upgrade.

There's probably a good portion of our user base using old java. Signing the applet should get around this. There's a signed version at http://theora.org/cortado.jar, in my experiments, the copy of IE I did the test on successfully loaded this version (After a are you sure prompt).

We could potentially just use this signed version, however it would probably be ideal if instead Wikimedia signed the applet we serve, as then the publisher would be listed as "Wikimedia", so people would be more likely to trust it vs a publisher as some random person.

See also: http://www.java.com/en/download/help/jcp_security.xml

Version: unspecified
Severity: normal
See Also:
https://rt.wikimedia.org/SelfService/Display.html?id=7695

Details

Reference
bz60287

Related Objects

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 2:52 AM
bzimport added projects: TimedMediaHandler, acl*sre-team.
bzimport set Reference to bz60287.
Bawolff created this task.Jan 21 2014, 4:16 PM
Bawolff added a comment.Jun 15 2014, 11:38 PM

Finally got around to filing an RT ticket for this:

RT 7695

Bawolff added a comment.Jun 19 2014, 5:15 PM

There's a signed version at http://theora.org/cortado.jar

In some security settings, the permissions attribute is also required, which that copy is missing.

(In reply to Bawolff (Brian Wolff) from comment #1)

Finally got around to filing an RT ticket for this:

RT #7695

So to summarize what was said there.

I had assumed this was something that could easily be done with our existing SSL certs. That was an incorrect assumption, and we would need to buy a new cert. Its unclear if we want to do that since work is ongoing on Brion's js ogv player.

http://lists.wikimedia.org/pipermail/multimedia/2014-June/000664.html

TheDJ added a comment.Aug 19 2014, 12:33 PM

Is this any closer now after that discussion ?

Aklapper added a comment.Nov 7 2014, 2:04 PM

https://rt.wikimedia.org/Ticket/Display.html?id=7695 ("Digitally sign cortado video player java applet") is still open and not clear who to make a decision...

Bawolff added a comment.Nov 7 2014, 2:33 PM

At this point id reccomend just concentrating on brion's solution instead

Gilles added a project: Multimedia.Nov 24 2014, 3:20 PM
Dzahn mentioned this in T83995: Digitally sign cortado video player java applet.Feb 3 2015, 8:07 PM
Dzahn subscribed.Mar 14 2015, 4:26 AM

also see T83995 (duplicate?)

Krenair subscribed.Mar 14 2015, 4:43 AM
Aklapper merged a task: T83995: Digitally sign cortado video player java applet.Mar 15 2015, 4:18 PM
Aklapper added subscribers: Aklapper, jeremyb, rtimport.
Matanya closed this task as Invalid.Jun 17 2015, 8:29 PM
Matanya claimed this task.
Matanya subscribed.

[23:26:31] <matanya> brion: do we still use cortado video player java applet anywhere ?
[23:26:46] <brion> matanya: it's still enabled but it doesn't work unless you have a really old browser
[23:26:59] <brion> i plan to remove it when we add finish adding ogv.js
[23:27:06] <matanya> brion: do you mean ie6 ?
[23:27:08] <brion> either within TMH+MwEmbedPlayer or with a video.js conversion
[23:27:11] <brion> hehe
[23:27:27] <brion> even ie6 if you have current java the plugin hates the applet
[23:27:32] <brion> it's missing some new security spec field
[23:27:36] <brion> new == like several years ago
[23:27:40] <matanya> in other words, can you define really old browser?
[23:27:58] <brion> "IE 6 with a really old or weirdly-configured java"? :D
[23:28:19] <matanya> so the answer is no, since we dropped support for ie6, gotcha
[23:28:31] <brion> oh that's right
[23:28:35] <brion> handy :D
[23:28:42] <brion> so yeh it probably doesn't work at present :DD

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL