I don't find it totally useless (because I heavily rely on them) but if the question was, "Why can't the JNLP file specify jars from sites other than where the JNLP file was downloaded from in the first place?" then I'd say that's a great question.
I can only guess that the JWS developers just didn't want to step too broadly outside of the original Applet security rules. Perhaps they wanted to help minimize the chance of compromized jar files? If so (and it's pure speculation, of course) I think sealed and signed jars would do a much better job of that - and allow jars to be grabbed from anywhere.
I'd really like to see a JNLP option that allowed signed/sealed jar files to exist from multiple different locations. An _alternate_ location in case a server was down would provide excellent failover. Apps could still _not_ ask for all-permissions and run in the sandbox.
grlea: The WebStart folks have been quite good lately about accepting (and implementing) RFEs from the community. I say write it up and submit it - then post to java.net so we can add our comments and votes to it. I think it has a chance.
Cheers. |
java.net RSS Feeds
