wood burning stoves 2.0*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Downloaded applet to be trusted automatically by the firewall/server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Downloaded applet to be trusted automatically by the firewall/server" Watch "Downloaded applet to be trusted automatically by the firewall/server" New topic
Author

Downloaded applet to be trusted automatically by the firewall/server

Joe O'Toole
Ranch Hand

Joined: Mar 02, 2009
Posts: 51
Hi

I read on whizlabs that if a firewall or server filters packets by ip address, it would be possible for a downloaded applet to be trusted automatically by the firewall/server.

Does this mean that if I download an applet from a particular site, e.g. http://mysite.com - it would be possible to setup rules on my firewall to ensure the applet is trusted automatically, i.e. user is not prompted to trust the applet. If so does it apply to all applets regardless of whether they are signed or not

Thanks
Joe

Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

It's the browser, or more specifically the Java plug-in, which asks you whether you want to trust a signed applet the first time you download it. I don't believe there's any "security features" which allow the browser to delegate that decision to some other component.

As for what you read on whizlabs, you didn't quote it so there's no possible way for me to say whether it means what you said or not.

Joe O'Toole
Ranch Hand

Joined: Mar 02, 2009
Posts: 51
Just wanted to provide some more information on this question as my initial posting was not entirely accurate. On whizlabs giving the description to a particular applet question they provided the following additional information relating to applet security:

"If a firewall or server filters packets by IP address, then it would be possible for a downloaded applet to be trusted automatically by the firewall/server(a downloaded applet sending requests from your machine would be sending them with your trusted IP address). "

Just wondering if the above makes sense to anyone? I am not sure if it means the applet would be somehow trusted whilst it is been downloaded or if it means that if an untrusted applet attempts to make calls make to what is not the host from where it was downloaded it would somehow allow such requests

Thanks
Joe
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

That doesn't sound like it has anything to do with the normal meaning of trusted applets, i.e. the user telling the browser to trust the applet with respect to its actions on the client. It sounds more like the scenario of there being a server somewhere, and the applet is sending requests to it, and that server is hard-coded to accept requests only from a certain IP address, so the firewall could send those requests as if they came from that IP address.

But I don't know what that has to do with applets. The firewall could just as well do that with all requests going to that server, and I'm not persuaded that the firewall could even tell that such a request came from an applet. Or that it could be configured to make that distinction.

In other words I guess what I'm saying is that it sounds extremely implausible to me. But then I'm no expert on firewalls.
Joe O'Toole
Ranch Hand

Joined: Mar 02, 2009
Posts: 51
Thanks for the response Paul

Does not make a huge amount of sense to me either. I thought I'd ask as I seen in across a number of the whizlabs mock exams

Joe
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Downloaded applet to be trusted automatically by the firewall/server
 
Similar Threads
applet gui issues
Applets and filereading
Help with 2 common SCEA mock questions
JApplets and page source
Applet across firewall