The whitelist is a feature that has been expected for so long.
Oracle adds a "deployment rule set" (Deployment ruleset) to Java to support white lists. Java 7 Update 40 allows system administrators to define which Java programs are trustworthy and easier to manage Java security. Many individual users choose to disable Java Plug-ins in their browsers, or even uninstall Java, in order to prevent the impact of Java attacks. However, this is not feasible for most enterprise users.
Because of compatibility issues, many enterprises are unable to upgrade to the latest Java version in time, which increases the risk of attack. Security researchers criticized Oracle for not providing white-list functionality for Java, so administrators can specify that end users run only specific Java programs in the browser.
This new "deployment Rule Set" allows the system administrator to create an XML file that adds a trusted Java RIAs (Rich Internet application).
See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Programming/Java/