0 Replies Latest reply: Apr 19, 2011 3:37 AM by user11207791 RSS

    Untrusted Applet Connection Restrictions


      There is a security rule that untrusted applets and WebStart applications may connect only to hosts from they was downloaded. But I could not find any strict definition of this rule. What does it mean "downloaded"? Different parts of an applet may be downloaded from various hosts: jnlp from one host, library jars from another and own jars from third. What of these hosts figure as a relay host for applets? Possible variants:
      1. Host from .jnlp file was downloaded (or html page containing applet)
      2. Host specified in codebase parameter
      3. Host from a .jar file that contains main class (or Applet class) was downloaded

      Another question is if there is any possibility to connect my applet/webstart app. to various hosts with the same domain? Applet must retrieve information from various hosts but it can be loaded only from one of them. Applet is public and modifying policy file is not a solution. And also I don't want to sign it (it must stay untrusted). Any trick? The only idea I have is write a JavaScript proxy on the page containing applet and use it to make requests...