I recently read about what is forbidden for a normal Applet :
Create a network connection to any computer other than the host from which it originated.
I simply wanted to read a Website via HttpURLConnection and this failed with access denial
as mentioned above.
I am puzzled now : what kind of crime shall be prevented by this restriction ?
I can read this page in every browser - why not by an Applet ?
Please give me the argument as I don't understand this.
Time isn't Money, Money is Time.
The man who works looses his time ( spanish proverb )
Without that restriction, the applet could connect to any site and upload any information it had asked you to input. Reading from a foreign server isn't that much of a problem, but writing to one certainly is.
Paul Clapham wrote:... Reading from a foreign server isn't that much of a problem, but writing to one certainly is.
I agree with this statement. But then : why is reading forbidden ?
to any computer. So : is this a bug in the security software for Java Applets ? There is a command setDoInput in the API
and I think if I execute this then why is reading not allowed. But there may be other reasons for not allowing this.
What about PHP ? Are there similar restrictions ?
Standard Java sockets provide two-way communication, so unless the JVM had a type of one-way socket, there's no easy way to differentiate between read-only and read/write. It's not a bug in the security system, it's designed to work that way.