 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / May 2004Applet (website) communication to Applet (on my machine)
Hi everybody, Is communication with an applet on my machine (and reverse) possible, if I give socket permission to applet from my website. Someone knows a tutorial on this? Jean Pierre  Signature= = = = http://web.jeanpierredaviau.com http://www.jeanpierredaviau.com On Thu, 29 Apr 2004 11:42:21 -0400, "Québec" <notAgain@enough.ca> wrote or quoted : > Is communication with an applet on >my machine (and reverse) possible, if I give socket permission to applet >from my website. Someone knows a tutorial on this? Applets do this all the time without permission. It ok to talk to mom, (server from which the Applet was loaded) but it not ok to talk to strangers unless you are signed and have permission. To do some raw socket work or some HTTP GET POST see http://mindprod.com/fileio.html for sample code. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Is it ok for an application (or applet) on my machine (stranger) to talk to mom (server from which the Applet was loaded). Let say I have the password and ID of the mom. JP "Roedy Green" <see@mindprod.com.invalid> a ?crit dans le message de to talk to > mom, (server from which the Applet was loaded) news:rko290574pnc8ircm4nok4dpb6o9prgice@4ax.com... > > Is communication with an applet on > >my machine (and reverse) possible, if I give socket permission to applet > >from my website. Someone knows a tutorial on this? > > Applets do this all the time without permission. It ok but it not ok to talk > to strangers unless you are signed and have permission. > [quoted text clipped - 5 lines] > Coaching, problem solving, economical contract programming. > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. On Thu, 29 Apr 2004 17:17:52 -0400, "Québec" <notAgain@enough.ca> wrote or quoted : >Is it ok for an application (or applet) on my machine (stranger) to talk to >mom (server from which the Applet was loaded). Let say I have the password >and ID of the mom. Applications can talk to whomever they please, so long as they have the passwords. Applets can only talk to mom, unless they are signed. see http://mindprod.com/jgloss/applet.html http://mindprod.com/jgloss/signedapplets.html -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Ok. Jp > >Is it ok for an application (or applet) on my machine (stranger) to talk to > >mom (server from which the Applet was loaded). Let say I have the password [quoted text clipped - 11 lines] > Coaching, problem solving, economical contract programming. > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Here is an example of an applet (for JPI 1.3+) which can call to mom, pop, or any unknown relatives :-) http://www.jensign.com/JavaScience/www/httpapplug It simply returns the http headers returned by a host web server you specify. - Mitch Gallant > Ok. > [quoted text clipped - 17 lines] > > Coaching, problem solving, economical contract programming. > > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > Here is an example of an applet (for JPI 1.3+) > which can call to mom, pop, or any unknown relatives :-) > http://www.jensign.com/JavaScience/www/httpapplug > It simply returns the http headers returned by a host web server > you specify. Note that when the dialog comes up, if you press the "Deny" button, the applet runs, but only headers from www.jensign.com are displayed. Whew! --Mike Amling What's the surprise? If you are talking about the security dialog "Deny" button, that means that the applet can still run, but only in sandboxed mode. It simply won't be given extended privileges. A developer could of course choose to catch and display appropiate info to the user, but these samples are mimimal samples only. - Mitch > > Here is an example of an applet (for JPI 1.3+) > > which can call to mom, pop, or any unknown relatives :-) [quoted text clipped - 6 lines] > > --Mike Amling I have plugin 1.4_03 The certificate has not been verified it will be considered has non signed. Click OK The applet does not seem to work. > What's the surprise? > If you are talking about the security dialog "Deny" button, that means that the [quoted text clipped - 13 lines] > > > > --Mike Amling I guess Sun changed the rules again about trustability. With JPI 1.4.2_-2, the user has the option to trust the signature, and allow permissions, even without the issuing cert being present in the trusted cacerts file: http://www.jensign.com/JavaScience/trust.jpg - Mitch > I have > [quoted text clipped - 25 lines] > > > > > > --Mike Amling It works now. I deleted the corrupted cacert file and it has been recreted by the plugin. > I guess Sun changed the rules again about trustability. > With JPI 1.4.2_-2, the user has the option to trust the signature, [quoted text clipped - 33 lines] > > > > > > > > --Mike Amling Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.