[9579] in bugtraq
Applets listening on Sockets in Java
daemon@ATHENA.MIT.EDU (Lincoln Stein)
Mon Feb 15 03:11:23 1999
Date: Sat, 13 Feb 1999 14:02:38 -0500
Reply-To: lstein@cshl.org
From: Lincoln Stein <lstein@CSHL.ORG>
X-To: Tim Wright <wright@qucis.queensu.ca>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SOL.3.95.990212153035.634A-100000@highnoon>

Tim Wright writes:
> <alx@acm.org> and I recently explored the "security hole" in Java
> where an applet can listen on a port, and accept connections from any
> machine, rather than just the machine from which the applet was
> down-loaded.
>
> The code which was posted to BugTraq does appear to exhibit this
> behavior. However, on closer inspection the posted code only created a
> class to listen on a socket, and did not call the method to accept
> connections from that socket. It turns out that the SecurityException is
> (correctly) thrown during the accept method call.

That's with connection-oriented sockets. What about UDP sockets?

Lincoln
--
========================================================================
Lincoln D. Stein Cold Spring Harbor Laboratory
lstein@cshl.org Cold Spring Harbor, NY
========================================================================