Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Java Sockets and Firewalls

From: Steve Kann <stevek () SteveK COM>
Date: Tue, 2 Jun 1998 15:24:18 -0400
On Mon, May 11, 1998 at 12:32:43PM +0100, Justin Mason wrote:

(accidentally lost the attribution for this first paragraph):

*  If a java applet is retrieved through a proxy server, does the
browser consider it downloaded from the proxy or the actual server? Are
there any problems given the network security sandbox and issues such as
proxy servers or routers which perform network address translation?


The browser considers it downloaded from the actual server. This means
that the applet will only be able to connect to the same server hostname
(note: stringwise comparison, so connecting to "realname.iona.com" will
not be allowed if the applet was downloaded from "www.iona.com").

This raises an issue: if there are proxy servers the applet will not be
able to connect via them, unless they are transparent (a la NAT) or the
applet is signed (in which case it can connect to any host).

This is why so many java applets use HTTP, and the built-in HTTP support
classes java.net.URL and java.net.URLConnection, to communicate with their
servers; the built-in classes can generally use the browser's HTTP layer
and will therefore use the appropriate HTTP proxies.


Sorry to hash up such an old thread, but I've been seeing some issues,
and I think it's time to see if others share my experiences.

I'm developing a chat-based system which I hope will be able to traverse
most "typical" corporate firewalls.   In it's most "firewall-friendly"
mode, the applet uses UrlConnection(s) to talk to a cgi on the
originating server.  I've tested this through our own proxy server, both
in a transparent environment (the browser is not configured to use a
proxy, but the proxy intercepts the HTTP requests), and in a
specifically configured more, and it seems to work just as expected.

I've gotten a couple of reports, (and have seen in my logs) instances
where the UrlConnection is failing.  This occurred with IE4 and Netscape
4 on Win32 platforms.   It is not that their proxy is stripping or
blocking Java applets, because the applet does load, and does give an
error message.

I'd appreciate it if anyone has any advice for me, or if those of you
working on, or behind various types of firewalls could give my applet a
go, and let me know what happens..

You can get to it via http://demo.horizonlive.com/ or, perhaps quicker
via http://demo.horizonlive.com/dls/launcher.cgi (saves you one click).

It should work on Win32:(ie3.02+, ns3.0+), Unix(ns3.0+), Mac(ns3.0+),
through firewalls that allow java and javascript.

Thanks!


-SteveK



-- 
     Steve Kann - Horizon Live Distance Learning - 841 Broadway, Suite 502
 Personal:stevek () SteveK COM  Business:stevek () HorizonLive com  (212) 533-1775
  I don't want your product or service, and I don't want to make money fast,
    so please don't send me your junk mail telling me about any of it.
Previous By Date Next
Previous By Thread Next

Current thread: