RE: Sockets,Push and Security

Carl Klapper (CarlKlapper@1stmtg.com)
Thu, 29 Jan 1998 12:40:59 -0500

From: Carl Klapper <CarlKlapper@1stmtg.com>
To: "'Jeff.Nisewanger@Eng.Sun.COM'" <Jeff.Nisewanger@Eng>,
Subject: RE: Sockets,Push and Security
Date: Thu, 29 Jan 1998 12:40:59 -0500

Thanks for the speedy response. I guess this means that my release of
Internet Explorer (IE) does not support JDK 1.1, at least as far as this
feature. Is there a version or configuration of IE and/or Navigator
which supports this feature? I gather that the crux here is the
SecurityManager subclass that is used by these browsers. What should I
say or do for the surfer on our page(s) to get them configured properly?
Or should I ditch the whole idea of an applet and just proceed with
application development?

Thanks in advance for any help.

Carl

-----Original Message-----
From: Jeff.Nisewanger@Eng.Sun.COM
[SMTP:Jeff.Nisewanger@Eng.Sun.COM]
Sent: Wednesday, January 28, 1998 5:51 PM
To: java-security@web1.javasoft.com; CarlKlapper@1stmtg.com;
Roland.Schemers@Eng.Sun.COM
Subject: Re: Sockets,Push and Security

> > The ability of an applet to create a server socket on the
client machine
> > would be a natural implementation of push and, with a
restriction of
> > only accepting connections from the originating machine,
would satisfy
> > the security restrictions in place for client sockets on the
client
> > machine. There does not appear to be any such capability.
If there is,
> > where is it? If there is not, why not?
>
> It is my understanding that applets are allowed to:
>
> - listen on non-privilged ports (>=1024)
>
> - connect and accept connections from the host/server they
came from
>
> Thus it sounds like they should be able to create a server
socket, and
> accept connects from the server they came from. Is this not
your
> experience?

Just to clarify, this has been true since JDK1.1. Prior
to that,
applets were not allowed to create ServerSockets at all.

Jeff