I'm not a moderator or author on this site, but here is what is going on. The Java applet that is used to upload our maps to the server is "jumploader" - a Java applet that is not written by Oz. It is available for free here: http://jumploader.com/
The code for the applet is on this website (gpsfiledepot.com) - that's how it can run here. However, Java has a security feature built into it (which the jumploader applet is forced to encounter, since it is running on Java). The security feature is designed to warn us, the end users, if a Java applet is running on a site and Java can't verify that the applet is from that site.
The process of verification of the applet is 'certificate signing.' A website owner (i.e. Oz) purchases a trusted certificate key from a "Certificate Authority (CA)" and then uses that certificate to 'sign' the Java applet. Then, when we run the applet, Java can verify that the applet belongs to this website. Essentially the process of certificate signing adds a layer of security that makes tampering or hacking of the Java applet easier to detect.
Apparently Oz has not purchased a certificate. So we are getting a warning from the Java program that tells us that Java can't verify that the applet (jumploader) is signed by the website we're on (gpsfiledepot.com). Therefore, Java is trying to warn us that there is some risk that the applet isn't what we are expecting (it could have been hacked) - Java can't guarantee that what we're going to run (after clicking the 'accept the risk" button) is the absolute same applet that is associated with this website.
The security warning is NOT a warning that the applet has been hacked or that anything bad is going on. It is simply a warning that Java (the program) can't verify that the applet (jumploader) has been signed by the website we are on (gpsfiledepot.com).
Certificates are REALLY expensive.
http://www.digicert.com/code-signing/oracle-java.htm
http://www.godaddy.com/ssl/code-signing-certificate.aspx
https://www.thawte.com/code-signing/content-signing-certificates/sun-java/index.html
Recent updates to Java have increased the 'scariness' of the warnings that come when Java is 'asked' to run an unsigned applet. See here:
http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html
So, the bottom line is:
1) Oz could buy a certificate and make the scary warning go away.
2) I think it is unrealistic for Oz to buy a certificate. Too expensive, and the problem isn't worth the price of the cure (for me).
3) The worst case scenario would be:
a) Someone creates a Java applet that is bad
b) That person hacks into this website and uploads their bad applet in place of 'jumploader'
c) We run what we think is jumploader, but it is actually the bad applet, and it does something bad to our computer.
To me, the risk is minimal because: the chances that someone hacks into the website to upload a bogus applet is minimal, but even if that were to happen, the chance that the applet can do something bad to my computer is minimal. Applets run in a 'sandbox' - which is a protected place which does not have access to the rest of your computer's operating system. There have been holes in the Java sandbox, which viruses can exploit, but the holes are typically plugged very rapidly by browser or Java updates. So the risk is minimal <to me> because I:
1) run my computer with a firewall
2) run good antivirus software which is up-to-date
3) frequently update my operating system ("windows update") (once a month)
4) frequently update Java (once a month)
5) frequently back up my data (at least once a week) to an external drive that is physically disconnected from my computer when not actually getting backup data (because I unplug it after running the backup
Dave
The non-IT professional, who can't be sued when you do what I suggest and things go bad for you. If you're uncomfortable with something, don't do it. Also note that I don't say the risk is ZERO. So there is a risk you could blow up your computer, your TV, your refrigerator, and perhaps your garage door opener if something bad happens. Your move.
The code for the applet is on this website (gpsfiledepot.com) - that's how it can run here. However, Java has a security feature built into it (which the jumploader applet is forced to encounter, since it is running on Java). The security feature is designed to warn us, the end users, if a Java applet is running on a site and Java can't verify that the applet is from that site.
The process of verification of the applet is 'certificate signing.' A website owner (i.e. Oz) purchases a trusted certificate key from a "Certificate Authority (CA)" and then uses that certificate to 'sign' the Java applet. Then, when we run the applet, Java can verify that the applet belongs to this website. Essentially the process of certificate signing adds a layer of security that makes tampering or hacking of the Java applet easier to detect.
Apparently Oz has not purchased a certificate. So we are getting a warning from the Java program that tells us that Java can't verify that the applet (jumploader) is signed by the website we're on (gpsfiledepot.com). Therefore, Java is trying to warn us that there is some risk that the applet isn't what we are expecting (it could have been hacked) - Java can't guarantee that what we're going to run (after clicking the 'accept the risk" button) is the absolute same applet that is associated with this website.
The security warning is NOT a warning that the applet has been hacked or that anything bad is going on. It is simply a warning that Java (the program) can't verify that the applet (jumploader) has been signed by the website we are on (gpsfiledepot.com).
Certificates are REALLY expensive.
http://www.digicert.com/code-signing/oracle-java.htm
http://www.godaddy.com/ssl/code-signing-certificate.aspx
https://www.thawte.com/code-signing/content-signing-certificates/sun-java/index.html
Recent updates to Java have increased the 'scariness' of the warnings that come when Java is 'asked' to run an unsigned applet. See here:
http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html
So, the bottom line is:
1) Oz could buy a certificate and make the scary warning go away.
2) I think it is unrealistic for Oz to buy a certificate. Too expensive, and the problem isn't worth the price of the cure (for me).
3) The worst case scenario would be:
a) Someone creates a Java applet that is bad
b) That person hacks into this website and uploads their bad applet in place of 'jumploader'
c) We run what we think is jumploader, but it is actually the bad applet, and it does something bad to our computer.
To me, the risk is minimal because: the chances that someone hacks into the website to upload a bogus applet is minimal, but even if that were to happen, the chance that the applet can do something bad to my computer is minimal. Applets run in a 'sandbox' - which is a protected place which does not have access to the rest of your computer's operating system. There have been holes in the Java sandbox, which viruses can exploit, but the holes are typically plugged very rapidly by browser or Java updates. So the risk is minimal <to me> because I:
1) run my computer with a firewall
2) run good antivirus software which is up-to-date
3) frequently update my operating system ("windows update") (once a month)
4) frequently update Java (once a month)
5) frequently back up my data (at least once a week) to an external drive that is physically disconnected from my computer when not actually getting backup data (because I unplug it after running the backup
Dave
The non-IT professional, who can't be sued when you do what I suggest and things go bad for you. If you're uncomfortable with something, don't do it. Also note that I don't say the risk is ZERO. So there is a risk you could blow up your computer, your TV, your refrigerator, and perhaps your garage door opener if something bad happens. Your move.