
List:       firewalls-gc
Subject:    Re: JAVA applets connecting to "servlets"...
From:       Ryan Russell/SYBASE
Date:       1997-07-21 14:11:31

Does anyone know if there are APIs for
applets to look into the proxy fields of, 
say, your Netscape config?  Seems that
an applet would only need to know how
to speak to a socks and/or cern
proxy to function.

Even if you only allow certain protocols, 
there is the whole covert channel thing,
i.e. passing info back by requesting
certain URLs, or looking up certain
DNS names.

    Ryan

---------- Previous Message ----------
To: beck
cc: firewalls
From: thierry.agassis@bluewin.ch (Thierry AGASSIS) @ smtp
Date: 07/21/97 06:40:02 PM
Subject: Re: JAVA applets connecting to "servlets"...

Thanks, Bob.

But the applet has to be aware of the proxy, doesn't it?
Because it tries to address its server...or am I missing something?

I meant, to be able to use any applet coming in, as long as its
signature is recognized and the source is trusted.

Any more light?

Thanks again and best regards!

Thierry A.

P.S.: again, please copy my personal address, too. I'm not part of the
list due to low bandwidth at home.

Bob Beck wrote:
> 
> >
> > Hi,
> >
> > Suppose we have a firewall with proxies only and which let no IP traffic
> > through.
> > What alternatives should be considered to make applets running inside
> > to be able to connect to their respective servlet (if any) on the host
> > they come from (outside the FW, of course)? (let's assume the applets
> > are authenticated thanks to some signature mechanism).
> >
> > Are there specialized JAVA libraries aware of some tcp relay to contact
> > if the destination IP address is outside the local domain/firewall?
> > Is there a well known port reserved for that?
> >
> > Any other alternative?
> 
>         Sure, if you're running a transparent proxy, have a transparent
> outbound pass-through proxy for any source port to the machine the servlets
> are running on, or in general to any. If you are going to allow a
> "tcp relay to contact if the destination is outside the firewall", you might
> as well do it this way, then there's no special changes.
> 
>         -Bob
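
Added example, not part of the original thread: one way a defender could look for the DNS-name covert channel mentioned in the reply above, by flagging clients that look up many distinct high-entropy subdomains of a single zone. The log format (client, name pairs), the thresholds, the two-label parent-zone shortcut and all sample data are assumptions made for this illustration.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_domain(name):
    # Simplification (assumption): the last two labels are the parent zone.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def suspicious_zones(queries, min_unique=4, min_entropy=3.0):
    """queries: iterable of (client_ip, queried_name) from resolver logs.
    Returns {(client, zone): unique_subdomain_count} where one client
    looked up many distinct, random-looking subdomains of one zone."""
    subs = defaultdict(set)
    for client, name in queries:
        name = name.rstrip(".").lower()
        zone = parent_domain(name)
        sub = name[: -len(zone)].rstrip(".")
        if sub:
            subs[(client, zone)].add(sub)
    flagged = {}
    for key, labels in subs.items():
        if len(labels) < min_unique:
            continue  # a few lookups carry little data
        mean_h = sum(shannon_entropy(l.replace(".", "")) for l in labels) / len(labels)
        if mean_h >= min_entropy:
            flagged[key] = len(labels)
    return flagged

# Constructed sample log entries (not real traffic).
SAMPLE = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "ftp.example.com"), ("10.0.0.5", "news.example.com"),
    ("10.0.0.9", "k3x9q2mz7vb4ht1c.example.net"),
    ("10.0.0.9", "p8d5w0ny6gj2rs4f.example.net"),
    ("10.0.0.9", "u1e7a3lq9xo5bz8k.example.net"),
    ("10.0.0.9", "h6c2t9mv4i0yd3gw.example.net"),
    ("10.0.0.9", "www.example.org"),
]

if __name__ == "__main__":
    for (client, zone), n in suspicious_zones(SAMPLE).items():
        print(f"{client} -> {zone}: {n} distinct high-entropy subdomains")
```

The same grouping applies to proxy access logs if the URL path is used in place of the subdomain label.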
