[5062] in java-interest
Netscape security => lame applets
daemon@ATHENA.MIT.EDU (Cay Horstmann)
Sun Jan 28 01:16:10 1996
From: Cay Horstmann <horstman@jupiter.SJSU.EDU>
To: "'Gary Cornell'" <75720.1524@compuserve.com>,
"'java-interest@java.sun.com'" <java-interest@java.sun.com>
Date: Sat, 27 Jan 1996 10:51:05 -0800
A few hours ago I posted a naive question why my applet that gathers some
interesting information from the web doesn't work under Netscape.
I guess I found the answer. As a security feature, Netscape won't allow a
socket connection to any host but the one serving the applet. No Socket(),
but more seriously apparently no URL() either. (See the applet at the end
of this message.)
The implication is that you cannot present your applet users any data
except for files that you currently have available on the same file system
that serves the applet.
A few months ago someone had a nice applet that fetched up-to-date currency
rates from a gopher site and used them in a currency conversion calculator.
No more. Now you can't connect to that gopher site in an applet. (My applet
was similar--it grabbed weather reports.) That precludes an entire useful
class of applets that I'd call INFORMATION HARVESTERS.
The TOTAL IDIOCY here is that the ambient browser can read all that data,
but your applet can't.
It also explains why Sun's stock ticker applet is COMPLETELY BOGUS. Despite
what it says on their web page, it can't be made to work with Java alone.
They also need some external process that shovels the stock data into the
file system where the applet resides.
I guess if you view applets as a means of conveyance for nervous text and
tumbling molars, then this isn't a big deal. But if you viewed applets as
something that can do MORE than HTML and CGI, then this is pretty
depressing. Or am I missing something important?
Cay
horstman@cs.sjsu.edu
Here is the test applet that shows how I can't connect to a data stream. I
get the following error message when trying to open http://java.sun.com:
Exception netscape.applet.AppletSecurityException: security.socket.connect:
www.mathcs.sjsu.edu->java.sun.com
You can run the applet by loading
http://www.mathcs.sjsu.edu/faculty/horstman/OpenURL.html
Sorry for the lack of decoration.
Source:
import java.net.*;
import java.io.*;
import java.awt.*;
import java.applet.*;
public class OpenURL extends Applet
{ public void init()
{ setLayout(new BorderLayout());
name = new TextField(40);
Panel p = new Panel();
p.add(name);
p.add(new Button("Open"));
add("South", p);
contents = new TextArea();
contents.setFont(new Font("Courier", Font.PLAIN, 10));
add("Center", contents);
}
public boolean handleEvent(Event evt)
{ if (evt.id == Event.WINDOW_DESTROY) System.exit(0);
return super.handleEvent(evt);
}
public boolean action(Event evt, Object arg)
{ if (arg.equals("Open"))
{ contents.setText("");
try
{ URL url = new URL(name.getText());
DataInputStream in = new DataInputStream(url.openStream());
String str = null;
contents.appendText("Opened " + name.getText() + "\n");
while ((str = in.readLine()) != null)
contents.appendText(str + "\n");
}
catch(Exception e)
{ contents.appendText("Exception " + e + "\n");
}
}
else return super.action(evt, arg);
return true;
}
TextArea contents;
TextField name;
}
-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
