Skip to main content

Deployment: Goodbye scary security dialog box!

Posted by stanleyh on April 30, 2005 at 12:22 AM PDT

During the post-Tiger planning, we talked to numerous developers to determine what features and enhancements we should work on in Mustang. Many feedbacks we received are related to the user experience in Java Web Start, especially around the security warning dialog box for signed application.Why is security warning necessary?

A signed Java application is simply just, signed. It does not mean that the application should be granted with all permission automatically, because the application could be signed by anyone, including hacker. Therefore, before Java Web Start runs a signed application, it is critical to ask users if they want to trust the signer before granting all permissions to the application for execution.

Security warning UI should reveal proper level of information to help users making the right decision.

However, there is a fine line between revealing too little information that misleads the users to make the wrong decision, and revealing too much information that scares the users away. Based on the feedbacks, the current security warning UI in Java Web Start is simply too scary looking, and many developers have hard time to convince users to run their applications during deployment.

Here comes the good news!

We have decided to revamp the user experience in Java Web Start in Mustang. Even better, the promoted Mustang build 34 contains the initial putback of the new security warning dialog box, and you can download it today! To give you a taste, here are some screenshots:

Signed application with valid certificate:

security_warning_signed.jpg

Signed application with expired certificate:

security_warning_expired.jpg

Self-signed application:

security_warning_self_signed.jpg

Note: The messages in the security warning UI are changed based on the nature of the signer certificate. You should try out Mustang to see how the new security warning dialog box will look like for your application.

We understand that any change like this has a profound impact to the success of your Java deployment, and your feedback will certainly help us to shape the final product to satisfy your needs. We will continue to make a series of UE/UI changes in Java Web Start before Mustang code freeze, including graphics and layouts, so the input we want at this point is around the messages in the dialog box, not the cosmetic UI issues:

- Do the messages still make the dialog box look scary to your users?
- Do the messages reveal proper level of security related information?
- What improvement do you like to see in the new dialog box?

Tell us what you think.

Related Topics >>