On Friday, September 27, 1996 1:10 PM, Jenjen Song[SMTP:jsong @
>By using Java applets, can a database query be handled on a client machine
>directly with a database, i.e., without passing through the Web server?
>if YES, then can Java applets replace the function of CGI?
>what kind of security should use for the database access to authenticate
>which Java applet can go in and which should not?
I'm not positive, but I believe the above (making Java connections to a
machine other than the Web Server delivering the Java applet) was actually
a security vulnerability which was the basis of the Netscape 2.01 --> 2.02
patch, although that specific vulenerability dealt with DNS-based attacks
on host-names. AFAIK, you cannot make a Java connection with any other
machine other than the one which served you the applet. Again, I may be
mistaken, others will surely confirm/clarify...