Firewalls: RE: Java applets access to internal DBs

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Java applets access to internal DBs
From:	Gene Lee <genel @ inforamp . net>
Date:	Fri, 27 Sep 1996 14:58:59 -0400
To:	"Firewalls @ GreatCircle . COM" <Firewalls @ GreatCircle . COM>

On Friday, September 27, 1996 1:10 PM, Jenjen Song[SMTP:jsong @
 amer .
 net] 
wrote:
>By using Java applets, can a database query be handled on a client machine
>directly with a database, i.e., without passing through the Web server?
>if YES, then can Java applets replace the function of CGI?
>what kind of security should use for the database access to authenticate
>which Java applet can go in and which should not?

I'm not positive, but I believe the above (making Java connections to a 
machine other than the Web Server delivering the Java applet) was actually 
a security vulnerability which was the basis of the Netscape 2.01 --> 2.02 
patch, although that specific vulenerability dealt with DNS-based attacks 
on host-names. AFAIK, you cannot make a Java connection with any other 
machine other than the one which served you the applet. Again, I may be 
mistaken, others will surely confirm/clarify...

--
Gene Lee
genel @
 inforamp .
 net
genelee @
 vnet .
 ibm .
 com

Follow-Ups:

Re: Java applets access to internal DBs
From: blymn @ awadi . com . au (Brett Lymn)

Indexed By Date	Previous:	Re: Mitnick faces 25 more federal counts From: Paul Ferguson <pferguso @ cisco . com>
Indexed By Date	Next:	Re: 'secure' intranet mailreading? From: Fernando . da . Silveira . Montenegro @ nutspgw . nutec . com . br (silveira @ nutec . com . br)
Indexed By Thread	Previous:	Java applets access to internal DBs From: jsong @ amer . net (Jenjen Song)
Indexed By Thread	Next:	Re: Java applets access to internal DBs From: blymn @ awadi . com . au (Brett Lymn)