Wether or not that could cause any problems is realted to the level of security that is imposed on java applets. Say you open a listening port on 139 or 23. If that sockets lays over the existing one, it could possible take traffic from it, and relay it to a remote host. You can do this with netcat, so I would think java applets would be subject to the same security.. Pavel At 11:16 PM 2/4/99 +0200, Aviram Jenik wrote: >nino wrote: > >> The implications are obvious. If any host can connect to the machine >> running the aplet, you could tell java to do things like the boserver. >> If >> you have a completely open socket, its rock n' roll ! >> > >No, it's not. > >Yes, you can connect to the open socket, but the applet can't do any I/O, so >it's basically harmless (just like any other applet). > >The fact that the applet accepts outside connections is nothing by its own >(besides a bad feeling it makes anybody that knows something about >security...). The only possible security implication is performing some DoS >on that socket or combining this with another exploits >You definitely can't write a boserver in Java.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:50 PDT