Does signed applet allow to Make network connections to arbitary hosts ??
P Lu
Greenhorn
Posts: 14
posted 13 years ago
Doed signed applet allow to Make network connections to arbitary hosts ??
I have two co-worker showed me they can do it.
Thanks!
Ping
I have two co-worker showed me they can do it.
Thanks!
Ping
P Lu
Greenhorn
Posts: 14
Angus MacCuish
Greenhorn
Posts: 22
posted 13 years ago
Have a read of this.
I would have automatically said 'no' to your question, unless of course the browser's security policy has granted permission. It looks like a JDK1.1 signed applet would work though (assuming no firewall issues).
In the context of the SCEA exam, I believe the answer would be 'no', as they are testing your knowledge of the new applet security architecture.
Cheers
Gus
[ March 17, 2004: Message edited by: Angus MacCuish ]
I would have automatically said 'no' to your question, unless of course the browser's security policy has granted permission. It looks like a JDK1.1 signed applet would work though (assuming no firewall issues).
In the context of the SCEA exam, I believe the answer would be 'no', as they are testing your knowledge of the new applet security architecture.
Cheers
Gus
[ March 17, 2004: Message edited by: Angus MacCuish ]
SCJP, SCJD, SCWCD, SCEA(I)
Ramesh kumaar
Ranch Hand
Posts: 146
posted 13 years ago
Hi Guys,
Better read the following which may answer ur question.
-Rameshkumar
How can an applet open a network connection to a computer on the internet?
Applets are not allowed to open network connections to any computer, except for the host that provided the .class files. This is either the host where the html page came from, or the host specified in the codebase parameter in the applet tag, with codebase taking precendence.
For example, if you try to do this from an applet that did not originate from the machine foo.com, it will fail with a security exception:
Socket s = new Socket("foo.com", 25, true);
How can an applet open a network connection to its originating host?
Be sure to name the originating host exactly as it was specified when the applet was loaded into the browser.
That is, if you load an HTML page using the URL
http://foo.state.edu/~me/appletPage.html
then your applet will be able to connect to its host only by using the name foo.state.edu. Using the IP address for foo.state.edu won't work, and using a "shorthand" form of the host name, like foo.state instead of foo.state.edu, won't work.
Better read the following which may answer ur question.
-Rameshkumar
How can an applet open a network connection to a computer on the internet?
Applets are not allowed to open network connections to any computer, except for the host that provided the .class files. This is either the host where the html page came from, or the host specified in the codebase parameter in the applet tag, with codebase taking precendence.
For example, if you try to do this from an applet that did not originate from the machine foo.com, it will fail with a security exception:
Socket s = new Socket("foo.com", 25, true);
How can an applet open a network connection to its originating host?
Be sure to name the originating host exactly as it was specified when the applet was loaded into the browser.
That is, if you load an HTML page using the URL
http://foo.state.edu/~me/appletPage.html
then your applet will be able to connect to its host only by using the name foo.state.edu. Using the IP address for foo.state.edu won't work, and using a "shorthand" form of the host name, like foo.state instead of foo.state.edu, won't work.
Angus MacCuish
Greenhorn
Posts: 22
posted 13 years ago
Check out
http://www.cs.ust.hk/~lzhang/teach/java03/slides/17security.ppt
and
http://www.securingjava.com/chapter-three/chapter-three-7.html
I think the Sun document you're quoting (from the SCEA links page) is describing the default behaviour of Applets. The Java 2 security architecture is supposed to let you go 'beyond the sandbox' with the
'java.policy' permissions file.
If you search for applets on the web you'll notice some will tell you to add entries into this policy file to grant 'SocketPermission' for other hosts.
I haven't written an Applet since 1998 I hasten to add! Interestingly enough, that particular project used a signed applet to connect to other hosts (an Oracle database via JDBC).
Cheers
Gus
http://www.cs.ust.hk/~lzhang/teach/java03/slides/17security.ppt
and
http://www.securingjava.com/chapter-three/chapter-three-7.html
I think the Sun document you're quoting (from the SCEA links page) is describing the default behaviour of Applets. The Java 2 security architecture is supposed to let you go 'beyond the sandbox' with the
'java.policy' permissions file.
If you search for applets on the web you'll notice some will tell you to add entries into this policy file to grant 'SocketPermission' for other hosts.
I haven't written an Applet since 1998 I hasten to add! Interestingly enough, that particular project used a signed applet to connect to other hosts (an Oracle database via JDBC).
Cheers
Gus
SCJP, SCJD, SCWCD, SCEA(I)
