Date: Wed, 28 Jan 1998 14:50:32 -0800
From: Jeff.Nisewanger@Eng (Jeff Nisewanger)
Message-Id: <199801282250.OAA19617@puuoo.eng.sun.com>
To: java-security@web1.javasoft.com, CarlKlapper@1stmtg.com,
Subject: Re: Sockets,Push and Security
> > The ability of an applet to create a server socket on the client machine
> > would be a natural implementation of push and, with a restriction of
> > only accepting connections from the originating machine, would satisfy
> > the security restrictions in place for client sockets on the client
> > machine. There does not appear to be any such capability. If there is,
> > where is it? If there is not, why not?
>
> It is my understanding that applets are allowed to:
>
> - listen on non-privilged ports (>=1024)
>
> - connect and accept connections from the host/server they came from
>
> Thus it sounds like they should be able to create a server socket, and
> accept connects from the server they came from. Is this not your
> experience?
Just to clarify, this has been true since JDK1.1. Prior to that,
applets were not allowed to create ServerSockets at all.
Jeff