How do I control when an untrusted applet or application runs in my web browser?
This article applies to:
- Java version(s): 7.0, 8.0
Java 7u10 introduced the ability to manage when and how untrusted Java applications (i.e. an application that is digitally signed by an unknown publisher, or a certificate that has not been issued by a trusted Certificate Authority) will run if they are included on a web page. Setting the security level within the Java Control Panel will determine whether
- You are prompted before an untrusted java application is run (MEDIUM or HIGH) or
- Untrusted Java applications will be blocked so they cannot run (VERY HIGH).
Starting with Java 7 Update 51, applets that do not conform with the latest security practices can still be authorized to run by including the sites that host them to the Exception Site List.
Starting with Java 8 Update 20, the Medium security level has been removed from the Java Control Panel. Only High and Very High levels are available.
The exception site list provides users with the option of allowing the same applets that would have been allowed by selecting the Medium option but on a site-by-site basis therefore minimizing the risk of using more permissive settings.
Find the Java Control Panel
Setting the Security levels through the Java Control Panel
- In the Java Control Panel, click on the Security tab.
- Select the desired Security level.
- Click Apply.
- Click OK to save changes made to the Java Control Panel.
Java Control Panel - Java 8u20 and later versions
Security levels in the Java Control Panel
Very High
This is the most restrictive security level setting. All the applications that are signed with a valid certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked.High
This is the minimum recommended (and default) security level setting. Applications that are signed with a valid or expired certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.Medium (removed from Java 8 Update 20 and later versions)
Only unsigned applications that request all permissions are blocked. All other applications are allowed to run with security prompts. Selecting the Medium security level is not recommended and will make your computer more vulnerable should you run a malicious application.You might also be interested in:
