[5088] in java-interest


RE: Netscape security => lame applets

daemon@ATHENA.MIT.EDU (Cay Horstmann)
Sun Jan 28 19:48:00 1996

From: Cay Horstmann <horstman@jupiter.SJSU.EDU>
To: "'James Waldrop'" <sulam@construct.net>
Cc: "'java-interest@java.sun.com'" <java-interest@java.sun.com>
Date: Sun, 28 Jan 1996 15:41:16 -0800

I am only asking that the applet can grab the same WEB PAGES that the
ambient browser can. I am not saying it ought to be able to grab the
same LOCAL FILES.

But I am beginning to see your point...what if you have internal Web
pages that aren't for public consumption? Your browser can see them. So
I am asking that my applet can too. And then my applet could send them
all back to me. Thanks for pointing that out! I had naively assumed all
web pages to be public.

I am indeed implementing a "packet laundry" as you outline, and indeed
it isn't hard to do. Turns out for me C works best since I don't know
Perl and the machine running httpd can't yet run Java. I just need to
convince my sys admin that I am not bringing his network to its knees in
that script--that's the hard part :-)

Cay
horstman@cs.sjsu.edu


----------
From: 	James Waldrop[SMTP:sulam@construct.net]
Sent: 	Sunday, January 28, 1996 2:16 PM
To: 	Cay Horstmann
Cc: 	'Gary Cornell'; 'java-interest@java.sun.com'
Subject: 	Re: Netscape security => lame applets


Cay Horstmann wrote:
>The TOTAL IDIOCY here is that the ambient browser can read all that data,
>but your applet can't.

Actually, this is far from total idiocy.  Imagine that you are a user
inside a corporate firewall, downloading web pages as is many people's
wont.  Imagine that you grab a page with a Java applet.  Imagine that
this Java applet could connect to anything your host could.  Suddenly
you've exposed your entire site with this one feature.  Yes, this is
far from total idiocy.

The solution to your problem is a packet laundry.  Write a simple
program, in Java, Perl, or even C, that connects to a socket on the
host machine and launders requests to other hosts.  This is fairly
easy to do, and solves your problem, while still keeping people's
networks secure.

James

--
James Waldrop                        /          Technical Director
sulam@construct.net              /              Construct Internet Design
sulam@well.com               /                  http://www.construct.net



-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
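
The destination check a "packet laundry" of the kind discussed in this thread needs before it forwards anything, so that the relay does not become a way to reach arbitrary hosts; this is an added example, not code from either poster. The request format (`GET http://host[:port]/path`), the allowlisted host names, the port-80 rule and all identifiers are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed allowlist: the only upstream hosts this relay will fetch from. */
static const char *ALLOWED_HOSTS[] = { "www.example.org", "data.example.net" };

enum verdict { FORWARD = 0, BAD_REQUEST, BAD_SCHEME, BAD_PORT, HOST_DENIED };

/* Parse "GET http://host[:port]/path" from the applet and decide whether the
 * relay may forward it. On FORWARD, host and port hold the destination. */
enum verdict laundry_check(const char *line, char *host, size_t hostsz, int *port)
{
    if (strncmp(line, "GET ", 4) != 0) return BAD_REQUEST;
    const char *url = line + 4;
    if (strncasecmp(url, "http://", 7) != 0) return BAD_SCHEME;
    const char *auth = url + 7;
    size_t alen = strcspn(auth, "/ \r\n");        /* authority ends at path */
    if (alen == 0 || alen >= hostsz) return BAD_REQUEST;
    memcpy(host, auth, alen);
    host[alen] = '\0';
    if (strchr(host, '@')) return BAD_REQUEST;    /* reject user@host forms */
    *port = 80;
    char *colon = strchr(host, ':');
    if (colon) {
        char *end;
        long p = strtol(colon + 1, &end, 10);
        if (end == colon + 1 || *end != '\0') return BAD_REQUEST;
        if (p != 80) return BAD_PORT;             /* web port only */
        *colon = '\0';
    }
    for (size_t i = 0; i < sizeof ALLOWED_HOSTS / sizeof *ALLOWED_HOSTS; i++)
        if (strcasecmp(host, ALLOWED_HOSTS[i]) == 0) return FORWARD;
    return HOST_DENIED;                           /* default deny */
}

int main(void)
{
    const char *samples[] = {   /* constructed request lines */
        "GET http://www.example.org/index.html",
        "GET http://intranet.corp.example/payroll.html",
        "GET http://www.example.org:25/",
        "GET http://www.example.org@intranet.corp.example/",
    };
    char host[256]; int port;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%d  %s\n", laundry_check(samples[i], host, sizeof host, &port), samples[i]);
    return 0;
}
```

Only a request that returns `FORWARD` would be handed to the code that opens the outbound socket; everything else is refused before any connection is made.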
