Bugtraq mailing list archives
Applets listening on Sockets in Java
From: lstein () cshl org (Lincoln Stein)
Date: Sat, 13 Feb 1999 14:02:38 -0500
Tim Wright writes:
<alx () acm org> and I recently explored the "security hole" in Java where an applet can listen on a port, and accept connections from any machine, rather than just the machine from which the applet was down-loaded. The code which was posted to BugTraq does appear to exhibit this behavior. However, on closer inspection the posted code only created a class to listen on a socket, and did not call the method to accept connections from that socket. It turns out that the SecurityException is (correctly) thrown during the accept method call.
That's with connection-oriented sockets. What about UDP sockets? Lincoln -- ======================================================================== Lincoln D. Stein Cold Spring Harbor Laboratory lstein () cshl org Cold Spring Harbor, NY ========================================================================
Current thread:
- Re: Microsoft Access 97 Stores Database Password as Plaintext, (continued)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- SECURITY: new wu-ftpd packages available (fwd) RHS Linux User (Feb 09)
- Re: SECURITY: new wu-ftpd packages available (fwd) Ronald Wahl (Feb 10)
- Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available Ken Williams (Feb 11)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Billy Naylor (Feb 12)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ian Smith (Feb 12)
- Applets listening on Sockets in Java Tim Wright (Feb 12)
- Applets listening on Sockets in Java Lincoln Stein (Feb 13)
- Re: Applets listening on Sockets in Java Tim Wright (Feb 15)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Michael Nelson (Feb 12)