Re: Java Sockets and Firewalls

From: Aleph One (aleph1at_private)
Date: Thu May 07 1998 - 22:43:20 PDT

    On Thu, 7 May 1998, Kirkilis, John wrote:
    > I'm trying to understand the whole issue about Java applets and
    > Firewalls and have a few questions. If you received this email, I found
    > your email address while doing searches on the subject. I haven't found
    > direct answers to my specific questions, so I'm trying to get some
    > confirmation on what I've been able to determine thus far. If you can
    > help, I'd sure appreciate it. I'm in a bind right now.
    > *	Is the SOCKS proxy client in Navigator or IE used by the JVM to
    > allow any Java applet to open a socket through a firewall .... or ...
    > does the applet itself have to establish itself as a SOCKS client?
    I've been looking into this for work. The bottom line is that neither IE nor
    Netscape Java network classes make use of the SOCKS proxy even when
    configured. It seems the networking code between the Java classes and the
    rest of the application are completely different. In our environment this
    means we cannot deploy an application like Digitivity's as the client
    applet cannot connect to the CAGE server behind the SOCKS firewall.
    > *	Does the destination server need to have SOCKS support or is
    > just the client and proxy server sufficient?
    Just the client and proxy.
    > *	If the Java applet is loaded from an SSL-secured web page are
    > all communications via Java socket calls also protected by this sleeve
    > ... or ... must the java applet itself establish itself as an SSL client
    > and use java security APIs.
    The applet will be downloaded over HTTPS (HTTP + SSL) but any
    connections made by the applet will not be (unless it uses some
    function that takes a URL object that starts with "https://" to download
    > *	If a java applet is retrieved through a proxy server, does the
    > browser consider it downloaded from the proxy or the actual server? Are
    > there any problems given the network security sandbox and issues such as
    > proxy servers or routers which perform network address translation?
    Don't follow you.
    > *	Must the server which is serving up the applet have reverse DNS
    > capability over the internet to conform to the sandbox restrictions? I
    > recall some mention of this a while back.
    Dont sure it needs to have a hostname at all but if it does
    the forward and reverse lookups probably need to match.
    > Any help will be greatly appreciated. Thanks.
    > ---------------------------------------------
    > John Kirkilis - Product Development
    > NetSolve, Inc. (512) 795-3056
    > johnkat_private
    > "Entropy - it isn't what it used to be."
    Aleph One / aleph1at_private
    KeyID 1024/948FD6B5 
    Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 
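
The replies above say that Java code has to act as its own SOCKS client and its own SSL client, and that only the client and the proxy need SOCKS support. The following is an added example, not part of the original message, showing both steps with `java.net.Proxy` and JSSE, APIs that postdate this 1998 thread; the host names and ports are hypothetical.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SocksTlsClient {
    // Hypothetical endpoints, constructed for this example.
    static final String SOCKS_HOST = "socks.example.internal";
    static final int SOCKS_PORT = 1080;
    static final String SERVER_HOST = "app.example.com";
    static final int SERVER_PORT = 443;

    /** Opens a TCP connection to host:port through the SOCKS proxy. */
    static Socket connectViaSocks(String host, int port) throws IOException {
        Proxy proxy = new Proxy(Proxy.Type.SOCKS,
                new InetSocketAddress(SOCKS_HOST, SOCKS_PORT));
        Socket s = new Socket(proxy);
        // Unresolved address: the name is handed to the proxy to resolve,
        // and the destination server itself needs no SOCKS support.
        s.connect(InetSocketAddress.createUnresolved(host, port), 10_000);
        return s;
    }

    /** Layers TLS over the tunnelled socket and verifies the server name. */
    static SSLSocket wrapTls(Socket tunnel, String host, int port) throws IOException {
        try {
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(tunnel, host, port, true);
            // Raw SSLSockets do not check the certificate's host name by default.
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            tls.setSSLParameters(p);
            tls.startHandshake();
            return tls;
        } catch (IOException e) {
            tunnel.close(); // do not leak the tunnel if the handshake fails
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        Socket tunnel = connectViaSocks(SERVER_HOST, SERVER_PORT);
        try (SSLSocket tls = wrapTls(tunnel, SERVER_HOST, SERVER_PORT)) {
            System.out.println("Negotiated " + tls.getSession().getProtocol());
        }
    }
}
```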
