• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

Applet Security Problem.I really need your help!!!!!!!!!!!!!!!

hi there,
i have an applet,i call it from server1,this applet calls(by pressing a button)calls a servlet located on server2 & this servlet connects to a database on its same server(server2)& returns the records retrieved to the calling applet which reads them via DataInputStream and display each line in a TextArea component.when i do this i get the follwing exception:
com.ms.security.SecurityExceptionEx TestApplet$ButtonHandler.actionPerformed]: cannot connect to "server2" at com/ms/security/permissions/NetIOPermission.check (NetIOPermission.java)
     at com/ms/security/PolicyEngine.deepCheck (PolicyEngine.java)
     at com/ms/security/PolicyEngine.checkPermission (PolicyEngine.java)
     at com/ms/security/StandardSecurityManager.chk (StandardSecurityManager.java)
     at com/ms/security/StandardSecurityManager.chkex (StandardSecurityManager.java)
     at com/ms/security/StandardSecurityManager.checkConnect (StandardSecurityManager.java)
     at com/ms/net/wininet/WininetURLConnection.connect (WininetURLConnection.java)
     at com/ms/net/wininet/WininetURLConnection.getInputStream (WininetURLConnection.java)
     at TestApplet$ButtonHandler.actionPerformed (TestApplet.java:31)
     at java/awt/Button.processActionEvent (Button.java:256)
     at java/awt/Button.processEvent (Button.java:228)
     at java/awt/Component.dispatchEventImpl (Component.java:1802)
     at java/awt/Component.dispatchEvent (Component.java:1739)
     at java/awt/EventDispatchThread.run (EventDispatchThread.java:72)

Note : 1- the 2 servers has 2 different domains.
2- is it a signing problem? if yes i need a detailed process to make it a signed applet.(i have no experience in this issues at all)
3- shall i bring my code here?i will if you need it.

please help, i will appreciate any comment or solution.
thanx in advance.
samjav

0
samjav
Asked:
samjav
  • 7
  • 5
  • 5
  • +2
1 Solution
 
OviCommented:
The problem is the different from different servers that you are using. The applet can access only the server from where was downloaded. Is not a problem of signing, the applets must be signed for the case of accessing the client machine (local harddisk).

I suggest you to use a cgi, located on the server 1, to make queries to the server 2, and the put the applet to communicate with the script.
0
 
samjavAuthor Commented:
i don't know how to do this,can you suggest any links about this topic i would be gratefull.
 
0
 
objectsCommented:
As Ovi mentioned unsigned applets can only connect to the host they were loaded from.
Signing your applet will allow to to connect to other hosts.

Here are some instructions on how to sign your applet:

http://www.jguru.com/faq/view.jsp?EID=35936
http://www.jguru.com/faq/view.jsp?EID=35804


0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
samjavAuthor Commented:
i don't know how to do this,can you suggest any links about this topic i would be gratefull.
 
0
 
samjavAuthor Commented:
i don't know how to do this,can you suggest any links about this topic i would be gratefull.
 
0
 
objectsCommented:
Links about what?
I included two links covering applet signing above.
0
 
OviCommented:
As I said before :

"The applet can access only the
server from where was downloaded. IS NOT a problem of signing, ... "

For links I don't have. To use CGI you must know Perl programming language.

If you are interested in signing just search at www.google.com for "applet signing" or "signed applet" and you will find tones of very usefull links.

Another suggestion is to put the applet on the server2 (if is a web server). Or to build a daemon application on server1 which receive requests from the applet, solve'it, and return to this the result.
0
 
omry_yCommented:
Ovi, a signed applet can access ANY host.
0
 
OviCommented:
It make no sense, for what needs the CLIENT to grant permision to access a different machine, other than the client one ? Perhaps I've missunderstud the applet sequrity concepts, but again I believe is a silly thing.
0
 
omry_yCommented:
suppose you want to write a client that bombs www.yahoo.com with endless crap.
how will you do it?

or a less hostile example, you want to write a telnet client (a program that connects other computers), how will you do it?

or a real world example :
a client that connects to more than one server.
0
 
objectsCommented:
Yep, a signed applet can definitely access any host it wants.
0
 
OviCommented:
I remain to the same opinion. The applet need to be signed in order to request rights to the client machine. As default sequrity issue the applet does not have permision to access different hosts other than the one from which it comes, even if is signed.

http://java.sun.com/docs/books/tutorial/applet/practical/workaround.html
http://java.sun.com/sfaq/#read
0
 
OviCommented:
For samjav : You can create a server-part java daemon thread instead of a CGI if you don't know Perl, and use'it as in the example from the first link in the comment above.
0
 
objectsCommented:
Ovi,

The references you quoted don't really discuss signed applets.

From jguru faq:
http://www.jguru.com/faq/view.jsp?EID=107008
0
 
objectsCommented:
ovi> To use CGI you must know Perl programming language

You can really use any language you want for CGI, including Java.
0
 
omry_yCommented:
objects, if you gonna use java for server side, better use servlets, not CGI. :-)

ovi : wether the signed applet need to request permissions to connect to the remote host or not is browser specfic.
generaly, in netscape you must ask for permission and explorer you need to ask for permission only in the main thread (the one that calls init,start,stop and destroy).



0
 
objectsCommented:
omry_y, but sometimes servlets aren't an option, and it wasn't meant as a recomendation to use Java for cgi :-)
0
 
Asta CuCommented:
Hopefully you've already been helped with this question, but thought you'd appreciate knowing this.  It would be great if you could bring this question to a conclusion, awarding the experts above who helped you with points or a comment to them on your status today.

WindowsUpdate has new updates for .NET users; Details follow - Microsoft .NET Framework
The .NET Framework is a new feature of Windows. Applications built using the .NET Framework are more reliable and secure. You need to install the .NET Framework only if you have software that requires it.

For more information about the .NET Framework, see http://www.microsoft.com/net. (This site is in English.)

System Requirements
The .NET Framework can be installed on the following operating systems:
Windows 98
Windows 98 Second Edition (SE)
Windows Millennium Edition (Windows Me)
Windows NT 4.0® (Workstation or Server) with Service Pack 6.0a
Windows 2000 with the latest service pack installed (Professional, Server, Datacenter Server, or Advanced Server)
Windows XP (Home Edition and Professional)
You must be running Internet Explorer version 5.01 or later for all installations of the .NET Framework.

To install the .NET Framework, your computer must meet or exceed the following software and hardware requirements:

Software requirements for server operating systems:
MDAC 2.6
Hardware requirements:
For computers running only a .NET Framework application, Pentium 90 mHz CPU with 32 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
For server operating systems, Pentium 133 mHz CPU with 128 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
Recomended software:
MDAC 2.7 is recommended.
Recommended hardware: For computers running only a .NET Framework application, Pentium 90 MHz CPU with 96 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
For server operating systems, Pentium 133 MHz CPU with 256 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.

How to use -> Restart your computer to complete the installation. No other action is required to run .NET Framework applications. If you are developing applications using the .NET Framework, you can use the command-line compilers or you can use a development environment, such as Visual Studio .NET, that supports using the .NET Framework.

How to uninstall
To uninstall the .NET Framework: Click Start, point to Settings, and then click Control Panel (In Windows XP, click Start and then click Control Panel.).
Click Add/Remove Programs.
Click Microsoft .NET Framework (English) v1.0.3705 and then click Change/Remove.
More here  http://www.microsoft.com/net/

The .NET topic is being considered for addition to our All Topics link soon, so this may interest you as well:
http://www.experts-exchange.com/newtopics/Q.20276589.html

EXPERTS POINTS are waiting to be claimed here:  http://www.experts-exchange.com/commspt/Q.20277028.html

":0)
Asta


0
 
samjavAuthor Commented:
Sorry guys for lating in awarding this question. Thank you Astaec for your information & for reminding me. i am really sorry :)
0
 
samjavAuthor Commented:
Sorry guys for lating in awarding this question. Thank you Astaec for your information & for reminding me. i am really sorry :)
Thank you all for your help.
i really appreciated it.
samjav

0
 
objectsCommented:
0
 
Asta CuCommented:
Thank you, samjav.  I'm very happy to have brought this reminder to you and we all appreciate your responsiveness here.  I find that it helpful to click my Member Profile and view my Question History to keep track of all my open and locked questions.  This helps to not lose track of items here.  Again, thanks.
":0)
Asta
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 7
  • 5
  • 5
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now