[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: Java applets access to internal DBs
From:       Gene Lee <genel () inforamp ! net>
Date:       1996-09-27 14:58:59
[Download RAW message or body]

On Friday, September 27, 1996 1:10 PM, Jenjen Song[SMTP:jsong@amer.net] 
wrote:
>By using Java applets, can a database query be handled on a client machine
>directly with a database, i.e., without passing through the Web server?
>if YES, then can Java applets replace the function of CGI?
>what kind of security should use for the database access to authenticate
>which Java applet can go in and which should not?

I'm not positive, but I believe the above (making Java connections to a 
machine other than the Web Server delivering the Java applet) was actually 
a security vulnerability which was the basis of the Netscape 2.01 --> 2.02 
patch, although that specific vulenerability dealt with DNS-based attacks 
on host-names. AFAIK, you cannot make a Java connection with any other 
machine other than the one which served you the applet. Again, I may be 
mistaken, others will surely confirm/clarify...

--
Gene Lee
genel@inforamp.net
genelee@vnet.ibm.com

[prev in list] [next in list] [prev in thread] [next in thread]