Solved

Applet Security Problem. I really need your help!!!!!!!!!!!!!!!

Posted on 2001-08-15
Last Modified: 2013-12-29
Hi there,
I have an applet that I call from server1. This applet (by pressing a button) calls a servlet located on server2, and this servlet connects to a database on its same server (server2) and returns the records retrieved to the calling applet, which reads them via DataInputStream and displays each line in a TextArea component. When I do this I get the following exception:
com.ms.security.SecurityExceptionEx TestApplet$ButtonHandler.actionPerformed]: cannot connect to "server2"
     at com/ms/security/permissions/NetIOPermission.check (NetIOPermission.java)
     at com/ms/security/PolicyEngine.deepCheck (PolicyEngine.java)
     at com/ms/security/PolicyEngine.checkPermission (PolicyEngine.java)
     at com/ms/security/StandardSecurityManager.chk (StandardSecurityManager.java)
     at com/ms/security/StandardSecurityManager.chkex (StandardSecurityManager.java)
     at com/ms/security/StandardSecurityManager.checkConnect (StandardSecurityManager.java)
     at com/ms/net/wininet/WininetURLConnection.connect (WininetURLConnection.java)
     at com/ms/net/wininet/WininetURLConnection.getInputStream (WininetURLConnection.java)
     at TestApplet$ButtonHandler.actionPerformed (TestApplet.java:31)
     at java/awt/Button.processActionEvent (Button.java:256)
     at java/awt/Button.processEvent (Button.java:228)
     at java/awt/Component.dispatchEventImpl (Component.java:1802)
     at java/awt/Component.dispatchEvent (Component.java:1739)
     at java/awt/EventDispatchThread.run (EventDispatchThread.java:72)

Note:
1- The 2 servers have 2 different domains.
2- Is it a signing problem? If yes, I need a detailed process to make it a signed applet. (I have no experience with these issues at all.)
3- Shall I bring my code here? I will if you need it.

Please help, I will appreciate any comment or solution.
Thanks in advance.
samjav

0
Comment
Question by:samjav
22 Comments
 
LVL 9

Expert Comment

by:Ovi
ID: 6387317
The problem is the different servers that you are using. The applet can access only the server from which it was downloaded. It is not a problem of signing; applets must be signed for the case of accessing the client machine (local hard disk).

I suggest you use a CGI, located on server 1, to make queries to server 2, and then put the applet to communicate with the script.
0
 

Author Comment

by:samjav
ID: 6387339
I don't know how to do this. Can you suggest any links about this topic? I would be grateful.
 
0
 
LVL 92

Accepted Solution

by:
objects earned 300 total points
ID: 6387375
As Ovi mentioned, unsigned applets can only connect to the host they were loaded from.
Signing your applet will allow it to connect to other hosts.

Here are some instructions on how to sign your applet:

http://www.jguru.com/faq/view.jsp?EID=35936
http://www.jguru.com/faq/view.jsp?EID=35804


0
 

Author Comment

by:samjav
ID: 6387377
I don't know how to do this. Can you suggest any links about this topic? I would be grateful.
 
0
 

Author Comment

by:samjav
ID: 6387406
I don't know how to do this. Can you suggest any links about this topic? I would be grateful.
 
0
 
LVL 92

Expert Comment

by:objects
ID: 6387420
Links about what?
I included two links covering applet signing above.
0
 
LVL 9

Expert Comment

by:Ovi
ID: 6387471
As I said before:

"The applet can access only the
server from where was downloaded. IS NOT a problem of signing, ... "

As for links, I don't have any. To use CGI you must know the Perl programming language.

If you are interested in signing, just search at www.google.com for "applet signing" or "signed applet" and you will find tons of very useful links.

Another suggestion is to put the applet on server2 (if it is a web server), or to build a daemon application on server1 which receives requests from the applet, solves them, and returns the result to it.
0
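Added example, not part of the thread and not any poster's code: a minimal relay daemon of the kind suggested in the comment above, running on server1 so that the unsigned applet only ever connects to the host it was loaded from. The upstream address is fixed in configuration and never read from the request, so the relay cannot be used as an open proxy. It uses the JDK's built-in `com.sun.net.httpserver` (Java 11+); the ports, the `/records` and `/servlet/Records` paths and the loopback stand-in for server2 are assumptions.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
// Added example: relay on server1; hosts, ports and paths are assumptions.
public class RelayDaemon {
    static final int MAX_BODY = 64 * 1024; // cap on what is relayed back
    // The upstream URI is fixed configuration, never taken from the request,
    // so the relay cannot be steered to other hosts.
    static HttpServer startRelay(int port, URI upstream) throws IOException {
        HttpServer relay = HttpServer.create(new InetSocketAddress("127.0.0.1", port), 0);
        relay.createContext("/records", ex -> {
            if (!"GET".equals(ex.getRequestMethod())) { reply(ex, 405, "GET only\n"); return; }
            String body;
            try {
                HttpURLConnection c = (HttpURLConnection) upstream.toURL().openConnection();
                c.setConnectTimeout(3000); c.setReadTimeout(5000);
                c.setInstanceFollowRedirects(false); // stay on the configured host
                if (c.getResponseCode() != 200) throw new IOException("upstream status");
                try (InputStream in = c.getInputStream()) {
                    body = new String(in.readNBytes(MAX_BODY), StandardCharsets.UTF_8);
                }
            } catch (IOException e) {
                reply(ex, 502, "upstream unavailable\n"); // no internal detail returned
                return;
            }
            reply(ex, 200, body);
        });
        relay.start(); return relay;
    }

    static void reply(HttpExchange ex, int status, String text) throws IOException {
        byte[] b = text.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(status, b.length);
        try (OutputStream out = ex.getResponseBody()) { out.write(b); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the database servlet on server2.
        HttpServer server2 = HttpServer.create(new InetSocketAddress("127.0.0.1", 8082), 0);
        server2.createContext("/servlet/Records", ex -> reply(ex, 200, "1,alice\n2,bob\n"));
        server2.start();
        HttpServer relay = startRelay(8081, URI.create("http://127.0.0.1:8082/servlet/Records"));
        try (InputStream in = URI.create("http://127.0.0.1:8081/records").toURL().openStream()) {
            System.out.print(new String(in.readAllBytes(), StandardCharsets.UTF_8));
        }
        relay.stop(0); server2.stop(0);
    }
}
```

In a real deployment the relay would bind to server1's public interface, and the applet would open its URL relative to `getCodeBase()` instead of naming server2.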
 
LVL 4

Expert Comment

by:omry_y
ID: 6387689
Ovi, a signed applet can access ANY host.
0
 
LVL 9

Expert Comment

by:Ovi
ID: 6387841
It makes no sense: why does the CLIENT need to grant permission to access a different machine, other than the client one? Perhaps I've misunderstood the applet security concepts, but again I believe it is a silly thing.
0
 
LVL 4

Expert Comment

by:omry_y
ID: 6387926
suppose you want to write a client that bombs www.yahoo.com with endless crap.
how will you do it?

or a less hostile example, you want to write a telnet client (a program that connects other computers), how will you do it?

or a real world example :
a client that connects to more than one server.
0
 
LVL 92

Expert Comment

by:objects
ID: 6390579
Yep, a signed applet can definitely access any host it wants.
0
 
LVL 9

Expert Comment

by:Ovi
ID: 6391428
I remain of the same opinion. The applet needs to be signed in order to request rights to the client machine. As a default security issue the applet does not have permission to access hosts other than the one from which it comes, even if it is signed.

http://java.sun.com/docs/books/tutorial/applet/practical/workaround.html
http://java.sun.com/sfaq/#read
0
 
LVL 9

Expert Comment

by:Ovi
ID: 6391432
For samjav: You can create a server-side Java daemon thread instead of a CGI if you don't know Perl, and use it as in the example from the first link in the comment above.
0
 
LVL 92

Expert Comment

by:objects
ID: 6391511
Ovi,

The references you quoted don't really discuss signed applets.

From jguru faq:
http://www.jguru.com/faq/view.jsp?EID=107008
0
 
LVL 92

Expert Comment

by:objects
ID: 6391569
ovi> To use CGI you must know Perl programming language

You can really use any language you want for CGI, including Java.
0
 
LVL 4

Expert Comment

by:omry_y
ID: 6391835
objects, if you're going to use Java for the server side, better use servlets, not CGI. :-)

Ovi: whether the signed applet needs to request permission to connect to the remote host or not is browser-specific.
Generally, in Netscape you must ask for permission, and in Explorer you need to ask for permission only in the main thread (the one that calls init, start, stop and destroy).



0
 
LVL 92

Expert Comment

by:objects
ID: 6391854
omry_y, but sometimes servlets aren't an option, and it wasn't meant as a recommendation to use Java for CGI :-)
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 6931901
Hopefully you've already been helped with this question, but thought you'd appreciate knowing this.  It would be great if you could bring this question to a conclusion, awarding the experts above who helped you with points or a comment to them on your status today.

":0)
Asta


0
 

Author Comment

by:samjav
ID: 6933167
Sorry guys for being late in awarding this question. Thank you Astaec for your information & for reminding me. I am really sorry :)
0
 

Author Comment

by:samjav
ID: 6933171
Sorry guys for being late in awarding this question. Thank you Astaec for your information & for reminding me. I am really sorry :)
Thank you all for your help.
I really appreciated it.
samjav

0
 
LVL 92

Expert Comment

by:objects
ID: 6933183
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 6933865
Thank you, samjav.  I'm very happy to have brought this reminder to you and we all appreciate your responsiveness here.  I find it helpful to click my Member Profile and view my Question History to keep track of all my open and locked questions.  This helps to not lose track of items here.  Again, thanks.
":0)
Asta
0
