List:       firewalls-gc
Subject:    Re: firewalls & java applets...the race is on!
From:       jim () coltano ! stortek ! com
Date:       1997-09-10 9:49:06

 >From owner-firewalls-outgoing@GreatCircle.COM Wed Sep 10 01:25 MDT 1997
 >From: Darren Reed <avalon@coombs.anu.edu.au>
 >Subject: firewalls & java applets...the race is on!
 >To: Firewalls@GreatCircle.COM (Firewalls Mailing List)
 >Date: Wed, 10 Sep 1997 12:18:56 +1000 (EST)
 >
 >I received this from someone else...
 >
 >LEARN TO SNEAK YOUR JAVA APPLETS BEHIND FIREWALLS
 >
 >Java applet security restrictions prevent users who sit behind a
 >corporate firewall or proxy server and who use Netscape Navigator as
 >their primary Web browser from making use of Java applets that
 >connect back to the applet's originating server. At least until now.
 >Read our latest Java Tip to find out how you can bypass these
 >restrictions -- and identify the security risk the technique poses.
 >
 > http://www.javaworld.com/javaworld/javatips/jw-javatip37.html
 >
 >

I looked at this, and find that this is a very good reason to have a policy
that does not permit individual desktops to access resources outside your
network.  And implement the policy on a packet filtering router.  And it
is probably a justification for doing both packet filtering as well as 
application gateways.

I am particularly disturbed that javaworld would publish this.  It is
completely irresponsible.  I can bet that some time today, I am going to 
have a user call the help desk, open a severity 1 problem that he can't
get to some mission critical applet after attempting this hack.  And then
I am going to have to get his butt fired for a breach of security attempt.
