Applet security restriction

Wolfgang Tintemann
Ranch Hand

Joined: Sep 11, 2010
Posts: 65

I recently read about what is forbidden for a normal Applet:

Create a network connection to any computer other than the host from which it originated.

I simply wanted to read a website via HttpURLConnection and this failed with access denial as mentioned above.
I am puzzled now: what kind of crime shall be prevented by this restriction?
I can read this page in every browser - why not by an Applet?

Please give me the argument as I don't understand this.


Time isn't Money, Money is Time.
The man who works loses his time (Spanish proverb)
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    

Without that restriction, the applet could connect to any site and upload any information it had asked you to input. Reading from a foreign server isn't that much of a problem, but writing to one certainly is.
Wolfgang Tintemann
Ranch Hand

Joined: Sep 11, 2010
Posts: 65

Paul Clapham wrote:... Reading from a foreign server isn't that much of a problem, but writing to one certainly is.


I agree with this statement. But then: why is reading forbidden?

I am only an advanced beginner, but as far as I understand it is possible with JavaScript to read from a network connection to any computer. So: is this a bug in the security software for Java Applets? There is a command setDoInput in the API and I think if I execute this then why is reading not allowed. But there may be other reasons for not allowing this.
What about PHP? Are there similar restrictions?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41900
    
Standard Java sockets provide two-way communication, so unless the JVM had a type of one-way socket, there's no easy way to differentiate between read-only and read/write. It's not a bug in the security system, it's designed to work that way.

It could be argued that JavaScript being able to connect everywhere is a security hole; it wasn't originally intended to be that way. See Same origin policy and the "official" (and safe) way to get around it, Cross-Origin Resource Sharing.


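The same-origin policy and Cross-Origin Resource Sharing mentioned in the last reply, as an added example that is not part of the thread: a simplified JavaScript model of how a browser decides whether script may read a response from another origin. `canReadResponse` is a hypothetical helper, not a browser API, and the URLs and header values are constructed samples.

```javascript
// Simplified model of the browser check behind the same-origin policy and CORS.
// canReadResponse is a hypothetical helper; all URLs and headers are constructed samples.

// An origin is the (scheme, host, port) triple. URL.origin drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

// May script loaded from pageUrl read a response that came from targetUrl?
function canReadResponse(pageUrl, targetUrl, responseHeaders = {}, withCredentials = false) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === originOf(targetUrl)) {
    return { allowed: true, reason: "same origin" };
  }
  // Header names are case-insensitive, so normalize them first.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "cross-origin and no CORS opt-in" };
  }
  if (allowOrigin === "*") {
    // The wildcard is not honoured when cookies or HTTP auth are sent.
    return withCredentials
      ? { allowed: false, reason: "wildcard not valid with credentials" }
      : { allowed: true, reason: "CORS wildcard" };
  }
  if (allowOrigin !== pageOrigin) {
    return { allowed: false, reason: "CORS names a different origin" };
  }
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "credentials not allowed by server" };
  }
  return { allowed: true, reason: "CORS allows this origin" };
}

const page = "https://app.example/index.html";
console.log(canReadResponse(page, "https://app.example:443/data"));
console.log(canReadResponse(page, "http://app.example/data"));
console.log(canReadResponse(page, "https://api.example/data",
  { "Access-Control-Allow-Origin": "https://app.example" }));
```

The decision depends on the server's response headers, so the opt-in sits with the site that owns the data rather than with the page that wants to read it.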