Applets listening on Sockets in Java

From: Lincoln Stein (lsteinat_private)
Date: Sat Feb 13 1999 - 11:02:38 PST

Next message: Josh Bailey: "Re: PPP/ISDN multilink security issue - summary"

Previous message: Eric Stevens: "Re: Another Windows98 Bug..."
Next in thread: Gary McGraw: "Applets listening on Sockets in Java"
Next in thread: Tim Wright: "Re: Applets listening on Sockets in Java"
Reply: Tim Wright: "Re: Applets listening on Sockets in Java"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tim Wright writes:
 > <alxat_private> and I recently explored the "security hole" in Java
 > where an applet can listen on a port, and accept connections from any
 > machine, rather than just the machine from which the applet was
 > down-loaded.
 >
 > The code which was posted to BugTraq does appear to exhibit this
 > behavior. However, on closer inspection the posted code only created a
 > class to listen on a socket, and did not call the method to accept
 > connections from that socket. It turns out that the SecurityException is
 > (correctly) thrown during the accept method call.

That's with connection-oriented sockets.  What about UDP sockets?

Lincoln

--
========================================================================
Lincoln D. Stein                           Cold Spring Harbor Laboratory
lsteinat_private			                  Cold Spring Harbor, NY
========================================================================

Next message: Josh Bailey: "Re: PPP/ISDN multilink security issue - summary"
Previous message: Eric Stevens: "Re: Another Windows98 Bug..."
Next in thread: Gary McGraw: "Applets listening on Sockets in Java"
Next in thread: Tim Wright: "Re: Applets listening on Sockets in Java"
Reply: Tim Wright: "Re: Applets listening on Sockets in Java"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:39 PDT