Remove Checkstyle warnings for certain classes

Checkstyle warnings for generated or automatically filled classes like Messages.java in Eclipse RCP can be annoying. But even without the .checkstyle file under version control, it is possible to deactivate Checkstyle warnings for selected files. First you have to add the SuppressionFilter module to your Checkstyle configuration file: <module name=”SuppressionFilter”>  <property name=”file” value=”${samedir}suppressions.xml”/> </module> The… Continue reading Remove Checkstyle warnings for certain classes

Published
Categorized as Eclipse, Java

A little bit more security for Java in the browser

Oracle just released Java 7 update 21, containing once more many security fixes (install it right away). And some changes for applet usage und handling. First of all, the preference dialog does not contain the low security setting any more. Which forces more user interaction when launching unsigned applets. Unsigned applets therefore require at least… Continue reading A little bit more security for Java in the browser

Published
Categorized as Java

It’s a hattrick

Just received the great news that my session on Java Security Myths has been accepted for the upcoming Java Forum Stuttgart 2013. This is the third time in a row for me to speak at JFS after Git in 2011 and Secure Software Development in 2012. Looking forward to seeing you in Stuttgart on July… Continue reading It’s a hattrick

Published
Categorized as Events

Java in the browser is dead

So its certificates now. Looks like Java applets don‘t care about certificate revocation lists at all. Signed applets gain full access to the system. An invalid certificate should prevent that. Which means a certificate revocation list is kind of important. But no, let’s forget about that check. No need to hack the sandbox this time… Continue reading Java in the browser is dead

Published
Categorized as Java

Making Java secure again

The recent total failure of Java security is neither the first one, nor will it be the last one. Java in the browser (in the form of Java applets) is not secure and will never be secure. Oracle can provide all the security patches they want, the next major security breach is just around the… Continue reading Making Java secure again

Published
Categorized as Java

Java 7 update 11 available, addressing the latest major security flaw

So, Oracle released Java 7 update 11 today, addressing the latest major security flaw with Java applets. Guess we are safe now for about a week. Of course I strongly recommend installing the new release as quickly as possible. But keep Java disabled in your browser! In case you do need a Java applet I’ll… Continue reading Java 7 update 11 available, addressing the latest major security flaw

Published
Categorized as Java

Solved the Eclipse RCP export failure on OS X

After a lot of trial and error, I’ve solved the Eclipse RCP export failure on OS X. The solution was to force Eclipse to use Java 1.6 and not the default 1.7. Simply add the following line to your eclipse.ini: -vm /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin/java