Re: Unsecured server in applets under Netscape

From: BVE (bveat_private)
Date: Tue Feb 02 1999 - 23:45:13 PST

       Date:	Tue, 2 Feb 1999 13:42:32 -0800
       From:	Giao Nguyen <grailat_private>
    
       Just for kicks, I wrote a sample applet that listened on a socket. I
       discovered that when the applet was loaded under Netscape (as tested
       with version 4.5), any hosts could then connect to the machine running
       this applet. I won't bore anyone with the code because it's so trivial
       that a novice to Java should be able to write it with ease after
       reading some documentation.
    
       According to Java in a Nutshell, 2nd edition, p. 139:
    
       * Untrusted code cannot perform networking operations, except in
       certain restricted ways.  Untrusted code cannot:
         [...]
         - Accept network connections on ports less than or equal to 1024 or
           from any host other than the one from which the code itself was
           loaded.
    
       While the port number restriction is held by the VM, the point of
       origin restriction is not held at all.
    
    
    The error in your analysis is most likely that you were running Java code from
    a class file installed on your local machine, as opposed to one which is
    downloaded from a web site somewhere.  The former is considered "trusted,"
    while the latter is "untrusted."
    
    Any class file you've compiled on your local machine will be considered
    "trusted," and will be allowed to do pretty much anything it wants.  Similarly,
    any class file you've copied to your hard drive, as opposed to downloading from
    within a web browser, will be considered "trusted."
    
    --
    
    				     -- Bill Van Emburg
    				     	Quadrix Solutions, Inc.
    Phone: 732-235-2335, x206		(bveat_private)
    Fax:   732-235-2336			(http://quadrix.com)
    	"You do what you want, and if you didn't, you don't"
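The origin-host rule quoted from the book, and the trusted/untrusted distinction raised in the reply, carried out explicitly in an added example (not code from either poster): the listener reports whether a SecurityManager is installed, lets the sandbox's own checkAccept run when one is, and then applies the "same host the code was loaded from" test itself. The codebase host argument and port 8000 are assumed placeholders.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;

/** Listening socket that applies the origin-host rule quoted from the book. */
public class OriginCheckedListener {

    /** An installed SecurityManager is the sign that the code runs sandboxed ("untrusted"). */
    public static boolean isSandboxed() {
        return System.getSecurityManager() != null;
    }

    /** True only if the connecting peer is the host the code was loaded from. */
    public static boolean fromOrigin(InetAddress peer, String codeBaseHost) throws UnknownHostException {
        for (InetAddress origin : InetAddress.getAllByName(codeBaseHost)) {
            if (origin.equals(peer)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        // Assumed values: the applet's codebase host and a listening port above 1024.
        String codeBaseHost = args.length > 0 ? args[0] : "localhost";
        int port = 8000;
        System.out.println("sandbox installed: " + isSandboxed());
        SecurityManager sm = System.getSecurityManager();
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                Socket s = server.accept();
                InetAddress peer = s.getInetAddress();
                try {
                    // The check the sandbox is documented to make; a SecurityException means it enforced it.
                    if (sm != null) {
                        sm.checkAccept(peer.getHostAddress(), s.getPort());
                    }
                    // Explicit origin check, so the rule holds even when no sandbox is installed.
                    if (fromOrigin(peer, codeBaseHost)) {
                        System.out.println("accepted connection from origin host " + peer);
                    } else {
                        System.out.println("rejected connection from " + peer);
                    }
                } catch (SecurityException e) {
                    System.out.println("sandbox refused accept from " + peer + ": " + e.getMessage());
                } finally {
                    s.close();
                }
            }
        }
    }
}
```

Run from a local class file, `isSandboxed()` reports false, which is the "trusted" case the reply describes; only the explicit `fromOrigin` test then limits who can connect.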
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:22 PDT