help on applet making network connections

Herve Rivere (Hrivere@netspeak.com)
Fri, 23 Apr 1999 10:51:37 -0400

From: Herve Rivere <Hrivere@netspeak.com>
To: "'java-security@java.sun.com'" <java-security@java.sun.com>
Subject: help on applet making network connections
Date: Fri, 23 Apr 1999 10:51:37 -0400

Good morning Marianne,

I found the folowing message (see below) on the JDC security archive and I
hope that you can answer me (or point me to the corresponding person).

We would like from a downloaded signed applet to be able to open a UDP
connection (SNMP request)to another machine. Our current understanding is
that it can be done through a local applet (see your actual message below)
but could it be done now with a signed applet (this will avoid us to have to
install the applet on all clients) ?

If so, is it a safe and consistent mechanism (i.e. across all the web
servers (IE, Netscape ...)) ?

Many thanks in advance for any help you can provide us.


Date: Fri, 25 Jul 1997 14:13:23 -0700
Message-Id: <199707252113.OAA03162@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: jasmin@csdc.fujitsu.com.sg
Subject: Re: Applets making network connections
The fine-grained access control that you would like to do is supported
in the next major release of the JDK (the name for this is probably
JDK 1.2, but release names are subject to change ...!)
The first public release of that JDK is set for the fall of 1997.
Java licensees are experimenting with JDK 1.2; I'm not sure if Fujitsu
is a licensee or not. You can also sign up for early access for JDK
1.2 through the Java Developer Connection, <http://java.sun.com/jdc>
The typical ways to get around the applet's networking restriction is
to install the applet on all the clients that need it, in a directory
that is on the CLASSPATH, and then the applet is allowed full access.
I don't recommend doing this, but I know this is one way that people
get around the networking restriction. I think the better thing to
do is to use the fine-grain access control in JDK 1.2.
RMI per se won't remove any restrictions placed on downloaded applets.
Downloaded applets simply are restricted as to what they can do.
Marianne