[4768] in java-interest
Re: Why should an Applet only talk with its originating host?
daemon@ATHENA.MIT.EDU (Sami Shaio)
Fri Jan 12 18:06:14 1996
Date: Fri, 12 Jan 1996 13:44:33 -0800
From: Sami.Shaio@Eng.Sun.COM (Sami Shaio)
To: java-interest@java.Eng.Sun.COM, andy@sarrus.com
|From andy@sarrus.com Fri Jan 12 12:54:54 1996
|Here are a couple of questions for you Java gurus out there:
|
|1. How would a Java applet become "less safe" if it were allowed to freely
|communicate with other hosts (assuming everything else stayed the same)?
|
How do you distinguish between an applet that is a multi-player game
and communicates with a bunch of different hosts from an applet that
is trying to communicate with various hosts inside a corporate firewall
(possibly to steal information)?

The alpha3 HotJava had some experimental security modes that were a
little less strict but had some flaws (they relied on proper user
configuration which most corporations are wary of). We decided to
stick to one option that has the advantage of being very easy
to implement and free of configuration risks.

In future versions there will be the ability to have signed
authenticated applets which, if you trust the origin of
the applet, will be able to do more than is allowed in the
current model.
|2. In light of this particular restriction, has anyone figured out a good way
|to have an applet talk to an application server which isn't on the same
|machine as the web server?
|
Set up a server process on your web server (it can even be written
in Java) which forwards communications from the applet to whomever
you wish. This doesn't compromise security because the server
machine cannot violate corporate firewalls if it's outside of
them.
|Thanks,
|
|Andy Turk
|Sarrus Software, Inc.
|andy@sarrus.com
|-
|This message was sent to the java-interest mailing list
|Info: send 'help' to java-interest-request@java.sun.com
|
--sami
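
The forwarding process described in the reply to question 2, written in Java as an added example (not code from the original message or from Sun). The backend host, the ports and the idle timeout are placeholder assumptions; the destination is fixed in the relay's own configuration and never read from the applet's data, so the relay reaches one application server only.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;

// Added example: relay that runs on the web server host, the only host the
// applet may connect to. Every name and value below is an assumption.
public class AppletRelay {
    // Set by the operator. Not taken from anything the applet sends.
    static final String BACKEND_HOST = "appserver.example.com"; // placeholder
    static final int BACKEND_PORT = 9000;                        // placeholder
    static final int LISTEN_PORT = 8900;                         // placeholder
    static final int IDLE_TIMEOUT_MS = 60_000;                   // drop idle sessions

    public static void main(String[] args) throws IOException {
        try (ServerSocket listener = new ServerSocket(LISTEN_PORT)) {
            while (true) {
                Socket applet = listener.accept();
                new Thread(() -> serve(applet)).start(); // one thread per session
            }
        }
    }

    // Open the single permitted upstream connection and copy in both directions.
    static void serve(Socket applet) {
        try (Socket a = applet; Socket backend = new Socket(BACKEND_HOST, BACKEND_PORT)) {
            a.setSoTimeout(IDLE_TIMEOUT_MS);
            backend.setSoTimeout(IDLE_TIMEOUT_MS);
            Thread up = new Thread(() -> pump(a, backend)); // applet -> backend
            up.start();
            pump(backend, a);                               // backend -> applet
            up.join();
        } catch (IOException | InterruptedException e) {
            System.err.println("relay session ended: " + e);
        }
    }

    // Copy bytes until EOF, then half-close so the peer sees the EOF too.
    static void pump(Socket from, Socket to) {
        byte[] buf = new byte[4096];
        try {
            InputStream in = from.getInputStream();
            OutputStream out = to.getOutputStream();
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            to.shutdownOutput();
        } catch (IOException e) { // reset or idle timeout: close both sides
            try { from.close(); to.close(); } catch (IOException ignored) { }
        }
    }
}
```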