Re: Security Problem

Marianne Mueller (Marianne.Mueller@Eng)
Tue, 16 Jun 1998 10:32:06 -0700 (PDT)

Date: Tue, 16 Jun 1998 10:32:06 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: Security Problem
To: java-security@web2.javasoft.com, asgar.ali@citicorp.com

By default, applets that are downloaded to a client are prevented from
making network connections to any servers other than the one they came from.
Is the Java server application running on the same machine that served up
the applet? If so, they should be able to connect. Print out the hostname
that the applet thinks is its own since it could be different than what you
thought.

For info on applet security, see http://java.sun.com/sfaq and
http://java.sun.com/security

> Date: Fri, 12 Jun 1998 11:30:03 +0100
> From: Asgar Ali <asgar.ali@citicorp.com>
> X-Sender: "Asgar Ali" <aali1@pop3.citicorp.com>
> Mime-Version: 1.0
> To: java-security@web2.javasoft.com
> Subject: Security Problem
> Content-Transfer-Encoding: 7bit
>
> Hi.
>
> I have an applet that connects using sockets to a JAVA application
> server running on the same DEC Unix machine. I get the following error
> on connect. The connection works if I use a console JAVA application
> instead of an applet.
> Any ideas on how to fix this.
>
>
> sun.applet.AppletSecurityException: checkconnect.networkhost1
> at sun.applet.AppletSecurity.checkConnect(Compiled Code)
> at sun.applet.AppletSecurity.checkConnect(Compiled Code)
> at sun.applet.AppletSecurity.checkConnect(Compiled Code)
> at java.net.Socket.<init>(Compiled Code)
> at java.net.Socket.<init>(Compiled Code)
> at DCJClient2.send(Compiled Code)
> at DCJClient2.capture(Compiled Code)
> at Button1Handler.actionPerformed(Compiled Code)
> at java.awt.Button.processActionEvent(Compiled Code)
> at java.awt.Button.processEvent(Compiled Code)
> at java.awt.Component.dispatchEventImpl(Compiled Code)
> at java.awt.Component.dispatchEvent(Compiled Code)
> at java.awt.EventDispatchThread.run(Compiled Code)
>
> Here is the extract of code:-
> public void send( String deal )
> {
> Socket asocket = null;
> PrintWriter out = null;
> BufferedReader in = null;
>
> try
> {
> //asocket = new Socket( "lonu17", 4444 );
> asocket = new Socket( "163.38.16.82", 4444 );
>
> out = new PrintWriter(
> asocket.getOutputStream(), true );
> in = new BufferedReader(
> new InputStreamReader(
> asocket.getInputStream() ) );
>
> out.println( deal );
> out.close();
> in.close();
> asocket.close();
> }
>
> catch( UnknownHostException e )
> {
> System.out.println("Unknown host");
> showStatus( "Unknown host " );
> System.exit(1);
> }
> catch( IOException e )
> {
> System.out.println("Could not get I/O
> connetion");
> showStatus( "Could not get I/O connection" );
> System.exit(1);
> }
>
> /*
> catch( Exception e )
> {
> System.out.println("Other error ");
> showStatus("Other error");
> }
> .
> .
> .
>
>
>
> Asgar.