
List:       firewalls-gc
Subject:    RE: Java applets access to internal DBs
From:       Bruno.Gillet () France ! Sun ! COM (Bruno Gillet - Sun France Training)
Date:       1996-09-30 11:45:18

>From genel@inforamp.net Fri Sep 27 22:04:19 1996
.../...
>On Friday, September 27, 1996 1:10 PM, Jenjen Song[SMTP:jsong@amer.net] 
>wrote:
>>By using Java applets, can a database query be handled on a client machine
>>directly with a database, i.e., without passing through the Web server?
>>If YES, then can Java applets replace the function of CGI?
>>What kind of security should be used for the database access to authenticate
>>which Java applet can go in and which should not?
>
>I'm not positive, but I believe the above (making Java connections to a 
>machine other than the Web Server delivering the Java applet) was actually 
>a security vulnerability which was the basis of the Netscape 2.01 --> 2.02 
>patch, although that specific vulnerability dealt with DNS-based attacks 
>on host-names. AFAIK, you cannot make a Java connection with any other 
>machine other than the one which served you the applet. Again, I may be 
>mistaken, others will surely confirm/clarify...

	I confirm that. No connection can be made to a machine other than the
one your applet has been loaded from, whatever method you use (URL stream,
or Sockets (direct or JDBC)).
	On the other hand, it should be authorized to connect to another port
than the one on which the httpd was running (80, 8080, or whatever) on that
server machine.

Hope this helps.

Best regards,
Bruno GILLET.

***** THE CONTENT OF THIS MAIL IS MY OWN OPINION, FROM PERSONAL INTEREST *****
***** IN NO WAY Sun Microsystems SHOULD BE LINKED WITH ITS CONTENT      *****
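
The rule described in this thread (an applet may connect only to the machine it was loaded from, but on any port there), as an added example that is not part of the original message and not any browser's or JDK's code. The class name, host names and addresses are constructed, the lookup table stands in for DNS so the code runs offline, and pinning the origin address at load time while rejecting any name that also maps elsewhere is an assumed way to keep the check independent of later name lookups.

```java
import java.util.List;
import java.util.Map;

public class AppletOriginCheck {
    // Constructed name-to-address table standing in for DNS (assumption, not real data).
    static final Map<String, List<String>> DNS = Map.of(
        "www.example.test",   List.of("192.0.2.10"),
        "db.example.test",    List.of("192.0.2.20"),
        "alias.example.test", List.of("192.0.2.10", "192.0.2.20"));

    // Address of the serving machine, resolved once when the applet is loaded.
    private final String originAddress;

    AppletOriginCheck(String originHost) {
        this.originAddress = DNS.get(originHost).get(0);
    }

    /** Allow only if every address the target name maps to is the pinned origin address. */
    boolean mayConnect(String targetHost, int port) {
        if (port < 1 || port > 65535) return false;
        List<String> addrs = DNS.get(targetHost);
        if (addrs == null || addrs.isEmpty()) return false; // unresolvable name: deny
        for (String a : addrs) {
            if (!a.equals(originAddress)) return false;     // any foreign address: deny
        }
        return true; // the port is deliberately not compared with the httpd port
    }

    public static void main(String[] args) {
        AppletOriginCheck policy = new AppletOriginCheck("www.example.test");
        String[][] attempts = {
            {"www.example.test", "80"},     // origin host, httpd port
            {"www.example.test", "1521"},   // origin host, another port (e.g. a database listener)
            {"db.example.test", "1521"},    // a different machine
            {"alias.example.test", "1521"}  // name that also maps to a different machine
        };
        for (String[] a : attempts) {
            boolean ok = policy.mayConnect(a[0], Integer.parseInt(a[1]));
            System.out.printf("%-20s port %-5s -> %s%n", a[0], a[1], ok ? "allow" : "deny");
        }
    }
}
```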
