[H-GEN] JVM internal security

[Doug South]

[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

At Wednesday, 27 September 2000, you wrote:


>Hi all
>
>I suspect that I know the answer to this question already, but you 
never
>know...
>
>I've written a java applet as part of a ppp connection monitoring
>system, intended to run inside the LAN here. The webserver
>('192.168.1.1') has served the applet to the client, which then 
tries to
>exchange UDP packets with another machine (viz. '192.168.1.3') running 
a
>perl script with its finger on the pulse of the ppp interface. Lovely 
so
>far. Except that netscape's JVM doesn't seem to like the applet making
>its own network connections.
>
>There wouldn't be anything I could do about this, could there? Apart
>from excluding netscape and just making the java bit standalone, or
>something along those lines.

Welcome to the Applet security sandbox. This says that an applet 
shalt not make a network connection to any other machine other than 
the one it has come from. So, you could either set up a server on 
192.168.1.3 and serve the applet from there or put your perl script 
on 192.16.1.1. Or you could just sign the applet with a "test" cert 
and give it access to whatever damn machine it pleased. The browser 
will probably complain at first that you shouldn't trust the applet 
(because of the "test" cert), but since you are the author, I'd hope 
that wouldn't be an issue.

Regards,
Doug



===================================================================
EASY and FREE access to your email anywhere: http://Mailreader.com/
===================================================================



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.