Re: open socket in java

From: Toby Chamberlain (tobyat_private)
Date: Thu Feb 04 1999 - 17:04:24 PST

    nino wrote:
    <snip>
    >
    > The implications are obvious. If any host can connect to the machine
    > running the applet, you could tell java to do things like the boserver.
    > If you have a completely open socket, it's rock n' roll !
    >
    <snip>
    
    I may be missing something here, but from what I understand of the bug
    it _doesn't_ constitute a major security issue. All it means is that we
    have an open socket to a Java APPLET - (note: *not* a Java application)
    - running on the machine, and are still subject to the "sandbox"
    restrictions that applets have. We can't read/write files on the local
    machine or do anything that we couldn't do with an applet anyway.
    
    Please correct me if I'm wrong, but I don't think it's anything to get
    too excited about kiddies - the Java/Javascript combo that lets you
    read files (posted on bugtraq a month or so ago) is much more
    interesting :)
    
    Stay cool,
    Toby
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:39 PDT