Re: Java

[Justin Mason <jmason @ iona . ie>]

Mike Shaver <shaver @
 neon .
 ingenia .
 com>:

[HotJava security modes:]
>- No Access: [...]
>- Originating host access: the applet can open connections back to the
>host from which it was loaded (although there is a bug that sometimes
>forbids the applet from opening connections to the original host), but
>nowhere else.
>- "Firewall" access: applets can open connections to anywhere outside of
>a user-defined firewall (most likely the netblock(s) of the local
>network, but it's flexible), but not inside.  Sun was thinking, it
>seems.  (Yes, you depend on the user to not do anything stupid.  Yet
>again...)
>- Anything Goes: applets can open any damned connection they please.
>Caveat everyone.

By the way, there's problems with these security modes and a web proxy
(in the 1.0b3 version on Solaris). When an applet tries to access a
URL, it actually opens a connection to the web proxy; this is spotted
by the security mode, and a security exception is raised.

You can see the problems this raises: The only way to get a URL-opening
applet working is to open up security and allow conns to the proxy,
which means that anything the proxy can access, the java applet can
access too. Hey presto, no security mode.

It'd be easy enough to fix this, and I'm sure they will. Just FWIW...

--j.