security in applets - sockets across domains - Programmers Heaven


Josh Code (Posts: 675, Member)
In an applet, the permission to connect a socket to a machine in any other domain is denied.

I want to make a socket to a machine in another domain, though. If I can't solve or get around this problem, I could make an application that would then have permission to do almost anything but this would be extra work for the web user and the user interface would still be through the website.

Do you know a way of changing web browser settings or the security management of the JVM to allow cross domain connections?


Thanks

Comments

  • Vilanye (Posts: 684, Member)

    Sign the applet

    http://java.sun.com/developer/technicalArticles/Security/Signed/

    be aware that it is expensive.

    Or you can try and force every end-user of your program to reduce the security settings in their browser, good luck with that. :)

    IMO, applets are mostly pointless. Whatever app you are creating has to be downloaded anyway, so it is saving little. Running in a browser is just extra overhead an application doesn't usually have.


    Just my 2 bits
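
An added example, not part of the thread: where the JVM's security policy is changed at all, the grant can be scoped to one signer, one code origin and one destination rather than lifting the sandbox for everything. This is Java policy file syntax; the host names, keystore path and signer alias are constructed placeholders.

```java
// Java policy file fragment (policy syntax, not Java source).
// All hosts, paths and the alias below are constructed placeholders.

// Too broad: a grant with no signedBy/codeBase applies to every class
// from every origin, and AllPermission removes every sandbox check.
//
// grant {
//     permission java.security.AllPermission;
// };

// Narrow: the keystore holds the certificate for the signer alias.
keystore "file:/path/to/truststore.jks";

// Only code signed by that alias AND loaded from under this URL
// ("/-" = this directory and everything below it) receives the grant.
grant signedBy "chat-applet-signer",
      codeBase "https://www.example.com/applets/-" {

    // One destination host and port, outbound only. "resolve" covers the
    // name lookup; "accept" and "listen" are deliberately not granted.
    permission java.net.SocketPermission "chat.example.net:6667", "connect,resolve";
};
```

Any other host or port still fails the socket permission check, so a flaw in the applet exposes one outbound connection instead of the whole machine.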

  • Josh Code (Posts: 675, Member)
    This message was edited by Josh Code at 2006-8-28 6:44:1

    Thanks

    For now, the website can function without having the applet communicating across domains. This is because a chat service the server connects with is not restricting each IP to a maximum of 1 user; however, I don't know how long this will last. If need be, I'd probably offer the downloadable proxy application so the user can still chat through the website but the server can use this proxy application to get around the cross-domain restrictions facing applets. From the chat service's perspective, the proxy can give the impression that each user has a unique IP.

    Your opinion was that an application was the way to go so in the interest of learning more of the pros and cons of this decision, I'd like to explain why I've tried working with applets.

    I'm using applets instead of applications for a few reasons.
    - for users, no installing of software, just visit website
    - easily making pleasant UI with CSS, JavaScript... instead of having to use loads of Java code for event handlers and all the specific layout managers...
    - learning new things like LiveConnect and the restrictions of applets

    The resulting system can't be standalone because too many people crack standalone software. Instead, this will be a service so a downloadable application will still only be a skeleton. If all an application is for is a UI, I prefer DHTML for making UI over the ugly Java code for UI.


  • Vilanye (Posts: 684, Member)
    I agree with points 2 and 3. Swing can be a nightmare.

    The first one is ignoring the fact that applets are downloaded and saved to the hard drive, so software is installed. Much can be figured out from even a "skeleton" app. So you still need to make sure your server can handle "bad" data, or your server will be severely compromised. Of course with a stand alone app this is still a serious concern, so you are really saving nothing, other than avoiding the hassles of Swing.
    Just my 2 bits
