Re: open socket in java

From: Aviram Jenik (aviramat_private)
Date: Thu Feb 04 1999 - 13:16:04 PST

Next message: Jim Maze: "Re: Fw: No Security is Bad Security"

Previous message: -*- Chotaire -*-: "Re: Linux /usr/bin/lpc overflow"
Maybe in reply to: nino: "open socket in java"
Next in thread: Lincoln Stein: "Re: open socket in java"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

nino wrote:

> The implications are obvious. If any host can connect to the machine
> running the aplet, you could tell java to do things like the boserver.
> If
> you have a completely open socket, its rock n' roll !
>

No, it's not.

Yes, you can connect to the open socket, but the applet can't do any I/O, so
it's basically harmless (just like any other applet).

The fact that the applet accepts outside connections is nothing by its own
(besides a bad feeling it makes anybody that knows something about
security...). The only possible security implication is performing some DoS
on that socket or combining this with another exploits
You definitely can't write a boserver in Java.

--
-------------------------
Aviram Jenik

"Addicted to Chaos"

-------------------------
Today's quote:
Religion ... is the opium of the masses.
                         - Karl Marx, "Critique of the Hegelian Philosophy
                              of Right", 1844

Next message: Jim Maze: "Re: Fw: No Security is Bad Security"
Previous message: -*- Chotaire -*-: "Re: Linux /usr/bin/lpc overflow"
Maybe in reply to: nino: "open socket in java"
Next in thread: Lincoln Stein: "Re: open socket in java"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:42 PDT