Ubuntu
icedtea-web package

resources from remote locations icedtea warning

Bug #1314985 reported by Anderson Luiz Alves
100
This bug affects 20 people
Affects Status Importance Assigned to Milestone
icedtea-web (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

When acessing account login page at Bank of Brazil icedtea shows the warning:
"the application Modulo de Segurança Banco do Brasil
from https://www2.bancobrasil.com.br/aapf/login.jsp?aapf.IDH=sim&perfil=1
uses resources from the following remote locations:
* https://www2.bancobrasil.com.br/aapf
* https://www2.bancobrasil.com.br/aapf/idh
For more information see: JAR File Manifest Attributes
and Preventing the Repurposing of an Application"

Icedtea shouldn't display this warning because its not remote locations.
There is no options to disable the warning, it always prompt.

icedtea-7-plugin=1.5-1ubuntu1
openjdk-7-jre=7u55-2.4.7-1ubuntu1

There is no remote location warning when using oracle java jre 7u55.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: icedtea-7-plugin 1.5-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Thu May 1 09:23:10 2014
InstallationDate: Installed on 2014-04-17 (13 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: icedtea-web
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Anderson Luiz Alves (alacn1) wrote :
Revision history for this message
Anderson Luiz Alves (alacn1) wrote :
Revision history for this message
Joao Henrique Gouveia (jhgouveia) wrote :

The same problem occours with Caixa Econômica Federal Internet Banking.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in icedtea-web (Ubuntu):
status: New → Confirmed
Revision history for this message
Lutz Andersohn (landersohn-m) wrote :

Actually, I have an additional problem: if the resources are remote, I cannot find a way to accept this remote site as trusted and the warning is most annoying

Revision history for this message
Frederic Defoy (fdefoy) wrote :

I have the same problem when launching our time sheet software.

The resources mentioned in the warning dialog are:

http://171.15.60.237/ste4/libs
http://171.15.60.237/ste4

When I open the local jnlp file it seems to be pointing to the same place... not sure im interpreting this right but from what I read on the websites the warning directs us too it should work.

codebase="http://171.15.60.237/ste4/"

Revision history for this message
Alexandre Magno (alexandre-mbm) wrote :

Would not only be something that needs to be configured?

Revision history for this message
Anderson Luiz Alves (alacn1) wrote :

There is no option to configure it. It shouldn't display the warning by default, because its not remote locations.

Revision history for this message
Alexandre Magno (alexandre-mbm) wrote :

In the case with the Bank of Brazil are not remote locations?

Revision history for this message
Alexandre Magno (alexandre-mbm) wrote :

Where this "default option" could be changed? I am looking for a work around still that I need to do a rebuild.

Revision history for this message
Anderson Luiz Alves (alacn1) wrote :

In the case with the Bank of Brazil its not remote locations.
There is no option to configure it.

Revision history for this message
Alexandre Magno (alexandre-mbm) wrote :

Would it is hardcoded? Where?!

Revision history for this message
Benjamin Kircher (bkircher) wrote :

See attached screen-shot of the dialog in question. As already noted above, most annoying, checking "Remember this option?" check-box has no effect whatsoever.

Alberto Salvia Novella (es20490446e)
Changed in icedtea-web (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Andrey Barrientos M. (cpoliticas2005) wrote :

This happens also with the applet from Banco Nacional de Costa Rica (https://www.bnonline.fi.cr). I have an image attached showing this same behavior.

Revision history for this message
Andrey Barrientos M. (cpoliticas2005) wrote :

I forgot to mention that I'm using Kubuntu 14.10, but this happens as far as I can remember since 14.04.

Revision history for this message
darryn.smith (darryn-smith) wrote :

This has also affected me for quite a long time. Accessing Trendnet IP Cameras in Java mode. The cameras are all internal - and static.

Revision history for this message
Paulo Estrela (paulojbe-gmail) wrote :

Please check this: https://bugzilla.redhat.com/show_bug.cgi?id=1286466
Worked for me with Banco do Brasil web site.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.