nino wrote: > The implications are obvious. If any host can connect to the machine > running the aplet, you could tell java to do things like the boserver. > If > you have a completely open socket, its rock n' roll ! > No, it's not. Yes, you can connect to the open socket, but the applet can't do any I/O, so it's basically harmless (just like any other applet). The fact that the applet accepts outside connections is nothing by its own (besides a bad feeling it makes anybody that knows something about security...). The only possible security implication is performing some DoS on that socket or combining this with another exploits You definitely can't write a boserver in Java. -- ------------------------- Aviram Jenik "Addicted to Chaos" ------------------------- Today's quote: Religion ... is the opium of the masses. - Karl Marx, "Critique of the Hegelian Philosophy of Right", 1844
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:42 PDT