This discussion is archived
0 Replies Latest reply: Apr 19, 2011 1:37 AM by user11207791 RSS

Untrusted Applet Connection Restrictions

user11207791 Newbie
Currently Being Moderated
Hi,

There is a security rule that untrusted applets and WebStart applications may connect only to hosts from they was downloaded. But I could not find any strict definition of this rule. What does it mean "downloaded"? Different parts of an applet may be downloaded from various hosts: jnlp from one host, library jars from another and own jars from third. What of these hosts figure as a relay host for applets? Possible variants:
1. Host from .jnlp file was downloaded (or html page containing applet)
2. Host specified in codebase parameter
3. Host from a .jar file that contains main class (or Applet class) was downloaded


Another question is if there is any possibility to connect my applet/webstart app. to various hosts with the same domain? Applet must retrieve information from various hosts but it can be loaded only from one of them. Applet is public and modifying policy file is not a solution. And also I don't want to sign it (it must stay untrusted). Any trick? The only idea I have is write a JavaScript proxy on the page containing applet and use it to make requests...

Antón

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points