Netscape Applet Security showDocument

Similar Messages

• Oracle8i JDBC Guide Example Not Working-applet security

  I was having problems with a JDK1.1.7 applet that I want to get
  working with Netscape 4.07 and my Oracle 8.0.5 installation. I
  am using Netscape's Signtool, the Capabilities classes, and I
  have packaged the Oracle classes111.zip contents into my Signed
  JAR file. I got a copy of the Oracle 8i JDBC Developer's Guide
  and Reference which has an example of what I'm trying to do.
  However, I get the same error running the example. Can anyone
  tell me what I'm doing wrong?
  Please help...
  stephen
  The Java console output is as follows:
  # Applet debug level set to 9
  netscape.security.AppletSecurityException: security.Couldn't
  connect to '47.129.164.42' with origin from ''.
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :914)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :926)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :795)
  at
  java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
  at java.net.Socket.<init>(Socket.java:245)
  at java.net.Socket.<init>(Socket.java:123)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:176)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:146)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:120)
  at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:983)
  at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:158)
  at
  oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:
  93)
  at
  oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:146)
  at java.sql.DriverManager.getConnection(DriverManager.java:90)
  * at java.sql.DriverManager.getConnection(DriverManager.java:132)
  at MainApplet.button2_actionPerformed(MainApplet.java:196)
  at
  MainApplet$MainApplet_button2_actionAdapter.actionPerformed(MainA
  pplet.java:255)
  at java.awt.Button.processActionEvent(Button.java:267)
  at java.awt.Button.processEvent(Button.java:240)
  at java.awt.Component.dispatchEventImpl(Component.java:1789)
  at java.awt.Component.dispatchEvent(Component.java:1715)
  at
  java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispat
  chThread.java:83)
  at
  java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
  at
  netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(
  DerivedAppletFrame.java:911)
  null

  No, it is not, but this is the reason for using Netscape's
  Capabilities API. It contains a PrivilegeManager that works with
  Java's Applet Security Manager to grant permissions for the
  applet.
  Stephen Brewell (guest) wrote:
  : Is the database server on the same machine as your web server?
  : I don't think applets can connect to a machine other than that
  : from which it was served.
  null

• Re: Getting around Applet security

  I don't think this is an Applet Security problem associated with accessing the xml files on the server using URL connection. This will not in itself produce the exception unless the files are on a different server to the one the Applet was loaded from.

  According to http://java.sun.com/sfaq/, There is
  no explicit support in the JDK applet API for
  persistent state on the client side. However, an
  applet can maintain its own persistent state on the
  server side. That is, it can create files on the
  server side and read files from the server
  side.
  I believe that if you use Applet.getCodeBase() you
  can get the directory containing the applet, and
  using that, you can specify exactly which files you
  want.Accessing the XML file isn't my problem it is accessing the parser. I can't access the parser on the server and it is not an option to change the policy file on all clients to allow to use their JRE's parser.

• Applet Security loading & running on local PC

  I understnd the limits of an Applet loaded from a server to a local PC. What I am trying to do is test my Applet (JApplet actually) as I create it. I have some GIF and JPG files that need to be loaded from the same DIR that the JApplets HTML file is in. When I run the Applet in appletviewer it works fine, when I run it in IE5.5 I get security errors and the Applet fails to initialize.
  I have read the online section on applet security. It seems to me that my applet 'thinks' it is being loaded from a remote server.
  The online HTML talks about a properties file that can be edited to include the rights to read and/or write to specific local files. Anybody know the name of this file ??
  It should not make a difference that I am doing my work on a W2K Server, should it ???
  Any specific help would be greatly appreciated !!

  java.security.AccessControlException: access denied (java.io.FilePermission CHR.gif read)
  All I try to do in my code is place a GIF as am Icon on a JButton.
  //add buttons to controlPanel
          for(int i=0;i<siteNames.length; i++){
              icon = new ImageIcon(icons);
  JButton b = new JButton(siteNames[i],icon);
  b.addActionListener(listener);
  b.setActionCommand(siteNames[i]);
  controlPanel.add(b);
  Where icons[i] is a string listing of GIF files. The code works fine in IE5.5 without the icons on the buttons. Only when I put the icons on the buttons do I get the access denied error.
  Any Ideas ????
  Could it be the fact that I am doing my coding and testing on a W2K Server ????

• ActiveX bridge uses applet security model???

  Hello,
  During execution my ActiveX bean has no permissions to make something, but I need it at least able to access files. ActiveX bridge documentation says that the bean is executed with all permissions. Is something was changed in 1.5 release?
  Anton

  Seems like axbridge doesnt use the applet security model if you have the following folder structure:
  <JRE>\axbridge\bin\mybean.dll
  <JRE>\axbridge\lib\mybean.jar
  But then there are a lot of bugs, and the bug workaround is to rename the lib folder after registering the dll (and updating the path to the jarfile in the registry):
  <JRE>\axbridge\bin\mybean.dll
  <JRE>\axbridge\bug_workaround_lib\mybean.jar
  But then we get another problem: the applet security model is turned on...

• Netscape 6 plugin applet security

  Hi,
  I was wondering if anyone has been able to get a unrestricted Java Applet to work over Java Plugin in Netscape 6. I have a signed applet which I can grant all permissions to in IE via the initial Java Plugin (1.3.1) dialogue box. However, the same operation in Netscape 6 does not grant the Applet any permissions - and I get security exceptions when I try to perform a restricted operation such as accessing the filesystem.
  After a bit of fiddling around, I have realised that Netscape 6 does not read the information in the .java.plugin file in my home directory and although it reads the info in JRE_HOME/lib/security/java.policy, it seems to loose it almost immediately and not grant any permissions set in the default policy file.
  Any help with this particularly thorny issue would be welcome!
  Kevin.

  Hi,
  I am also stuck up with the same problem. I have an applet which gets loaded with signed jar in IE with plugin 1.3.1 but it is unable to load in Netscape and gives the following error in the java console. If get hold of any clue or solution , you may plz respond ASAP becoz, it is a very urgent task for me.
  Error is as follows:
  java.lang.ExceptionInInitializerError: java.lang.ClassCastException: java.net.URL
       at sun.plugin.security.PluginClassLoader$2.nextElement(Unknown Source)
       at sun.misc.CompoundEnumeration.nextElement(Unknown Source)
       at com.sun.media.jai.util.Service$LazyIterator.hasNext(Service.java:255)
       at javax.media.jai.OperationRegistry.registerServices(OperationRegistry.java:2031)
       at javax.media.jai.ThreadSafeOperationRegistry.registerServices(ThreadSafeOperationRegistry.java:620)
       at javax.media.jai.OperationRegistry.initializeRegistry(OperationRegistry.java:371)
       at javax.media.jai.JAI.<clinit>(JAI.java:382)
       at com.gohealthcast.tiffviewer.TiffViewer.start(TiffViewer.java:217)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Note: I am using JAI.
  Thanks in advance.
  Regards,
  Lakshmi

• Java applet security file.list()

  I am trying to read the directory structure from a signed applet. I
  have created the applet and provided it with the
  UniversalFileAccess. I am able to read a specific file, and see all
  the contents of the file. I am wanting to performa simple
  directory listing vie the following code.
  My browser is Communictor 4.76 on Win 2000.
  blah.. blah...
  if(browser.indexOf("netscape") >= 0){
  //Assert Netscape permissions
  try{
  // tried UniversalFileRead, UniversalFileAccess,
  UniversalPropertyWrite,
  PrivilegeManager.enablePrivilege("UniversalFileRead");
  System.out.println("Netscape now has UniversalFileRead
  privilege.");
  } catch (netscape.security.ForbiddenTargetException e1) {
  System.out.println("Permission to read file system denied by
  user.");
  e1.printStackTrace();
  } catch(Throwable e){
  System.out.println("Could not enable privilege." +
  e.getMessage());
  e.printStackTrace();
  try {
  File f = new File("c:\\temp\\");
  String [] fileList = a.list();
  } catch (Throwable e) {
  System.out.println("File List failed");
  e.printStackTrace();
  I keep getting a secuity exception that I do not have priveledes to
  perform this action.
  Can anyone help!!!!!!!! I am on a deadline, and this is working just
  fine with IE.
  Please reply directly to me, as this is the first time I've ever posted
  to this newsgroup. My email is [email protected]
  Thanks,
  James Kurfees

  This question has been asked many times in these forums.
  There is no way to prevent this from a determined reverse engineer.
  Search for java obfuscators, which can help a little bit.
  The only way to prevent code stealing is to run it on your own server,
  which means not to use applets, but servlets/JSP. I am sure this is
  not what you want to hear.

• URLs  cache and applet context showDocument question

  Hello:
  I wrote an applet and realized that when I try to read from a URL using this code:
  URL Url=new URL(ReadAddress);
  BufferedReader Input = new BufferedReader(new InputStreamReader(Url.openStream()));I was getting cached information from the web browser. So the problem was solved using this:
  URL Url=new URL(ReadAddress);
  URLConn=Url.openConnection();
  URLConn.setUseCaches(false);
  URLConn.setDoInput(true);
  BufferedReader Input = new BufferedReader(new InputStreamReader(URLConn.getInputStream()));However, I wonder what about this?
  URL Url=new URL(ReadAddress);
  getAppletContext().showDocument(Url);Since in this case I can't tell to the applet context to use a specific URLConnection, I don't know if showDocument(Url) will show always the most updated document or could show also a cached one... I could try before calling showDocument:
  Url.openConnection().setUseCaches(false);However, I know this would create a new connection, and I don't know if that's the one that showDocument() will use or if it will internally use anotherone...
  Any idea?

  I don't know if I can help you with this.
  I am able to run the following applet successfully in my Netscape 7.1 browser on Windows 2000 professional. I am including it for you to try. Although I have a feeling it is probably similar enough to what you have already tried, my interest in this topic has to do with the fact that I am having the same error as you when I run an applet in Camino v0.7 on Mac OS X 10.2 and also an older version of Mozilla 1.0.2 also on the Mac. Like you, I don't see any error messages. The browser simply does not redirect to the new page. The thought here is that if you are not able to redirect a user using an applet that will redirect a user on my own Netscape/Windows environment, maybe then the problem will turn out to be one of configuration (? or not) and hopefully I can solve it somehow on Camino. In any case, I'll be watching this thread hoping for a solution for you.
  public class RedirectApplet extends java.applet.Applet
       public void init()
       public void start()
            redirect();
       }// end start
       private void redirect()
            try{
            java.net.URL url
            = new java.net.URL(getCodeBase() + "/WebPage.html");
            this.getAppletContext().showDocument(url, "_self");
            catch(Exception e)
                 System.out.println("Error with redirection - " + e.getMessage());
       }// end method
  }// end applet class

• Netscape applets issue

  So I loaded up J2SE SDK on my XP machine.
  I did the �First Cup of Java� Hello World applet. It ran OK Netscape 7.01, but only offline. When I am online Netscape seems to not want to run any Java applet. The Tool\Web Development\Java Console selection goes to gray and cannot be accessed. When I go to one of the tutorials,
  http://java.sun.com/docs/books/tutorial/getStarted/index.html the example applet below the third paragraph will not work. When I look at the list of plug-ins installed with netscape, everything seems to be there and enabled.
  What have I done wrong?

  yes. I'm using dial up service. ugg!
  Windows was pre installed by Dell.
  I downloaded netscape and installed it my self.
  I open Nescape without being connected to the internet and then open the Hello World applet from the browser. It runs. If I'm online the HTML portion of it shows up but the java protion does not. Other problems as staed above.
  After posting, I was thinking that maybe it is a security setting I missed someplace, maybe in the browser itself?

• Opening and closing a frame from an applet security problem

  can I open a frame or a window from an applet and close the frame by using
  System.exit(0) for the frame or will it throw a security problem.

  I am using system.exit(0) to exit the JVM.
  dispose()
  Releases all of the native screen resources used by this Window, its subcomponents, and all of its owned children. That is, the resources for these Components will be destroyed, any memory they consume will be returned to the OS, and they will be marked as undisplayable.
  If this frame have to be close and open again don't use dispose.
  there is no check whether a frame is active? what you can do is set the the new frame to null (frame = null) and also when you dispose it, this will let you know if the frame is active or not.
  Noah

• Apparent gap in java applet security on client machine

  I know about signing applets, and both the new and original security models for applets. For my purposes, the original security model for applets is just about perfect. My applets do not need access to the client machine hardware, nor do they need to access any machine other than that which provides them to the client (at least at present).
  What I have been told is that it is not possible for a server of any kind (DB, servlets, &c.) to authenticate an applet. The claim was made that all the security was designed for client security and that a developer's only option is to trust the client machine.
  I can exchange information among my servers over SSL, and secure communications between by servers and applet clients. However, what is there to prevent a bad guy from breaking into a client machine and then capturing and modifying the applet I am relying on to protect the client's sensitive data? Signing the applet tells the user that the applet has not been modified from what I have produced, and so the user should feel confident enough to run it. But what if the applet and related web page is cached, and someone who has, legitimately or not, access to the machine and tries to use the cached copy for inappropriate purposes?
  If my servers can not verify that the applet code accessing them is mine, rather than a variant created to mimic my applet, then that certainly creates a risk for my code, but doesn't it also create a security risk for the client? After all, it is the client's sensitive data I am trying to protect, and I can envision a situation in which a bogus applet mascerades as mine and sends that sensitive data to a bad guy's machine; all this while giving the user the illusion that his data is safe.
  The gap here is either in my understanding of this technology or a gap in java security, so I'll put the question another way also. Is it possible for a server (e.g. an application server such as Tomcat or Sun's application server) to verify that the applet code used to try to connect with them is in fact the applet code that was signed on and served from the same machine and not malicious code masceraing as my code? If so, how does that work, and how does the programmer do it?
  Thanks,
  Ted

  the jar file reqiured is jmf.jar this jar file will there in
  jmf_home/lib
  for example in my mechine
  C:\Program Files\JMF2.1.1e\lib this jar file contain all the file reqired to run the application
  i think you may need some of the dll files also to run see
  if reqiured the then it may throw exception
  java.lang.UnsatisfiedLinkError then put respective dll file to workiing folder or the system32 folder

• OAS 4.0.8 Netscape Applet Error

  Installation:
  Oracle 8i
  OAS 4.0.8
  Netscape 4.73
  Suse Linux 6.4
  Patches for Netscape (plugger, nsfix, ....)
  I try to start the oasmgr using Netscape. When i start the oas manager or the oas utilities, i got the next page on the left side grey and an error message "Applet TreeApplet can't start: ERROR"
  What's wrong ??

  I forgot to mention that the database is Oracle 8.0.5.2.1, and it is running on the same computer as the OAS.

• Applet Security help for a newbie

  I have an applet that works as an IRC client, still needs a lot of work. I have the basics working, but before I continue fixing it up I need some help. I've searched all over the forums, and my lack of Java knowhow leaves me confused.
  I have no idea how to use the forte debugger or the J++ debugger, so i'm building the classes everytime and testing them in IE on my own machine.
  I got this error first:
  java.security.AccessControlException: access denied (java.net.SocketPermission irc.enterthegame.com resolve)
  so I did a lot of searching and found that by adding the following lines to my java.policy file in my program files\java\j2re1.4.0\lib\security folder that it would work:
  permission java.net.SocketPermission "*:80", "connect,accept,resolve";
  permission java.net.SocketPermission "*:6667", "connect,accept,resolve";
  Unfortunately if I want to test my applet on another computer or just use it, it means I have to add these lines on every machine I want to use. I think.
  So I did some more searching on here...and now I think I have to sign my applet. I followed the instructions from this link http://developer.java.sun.com/developer/qow/archive/167/index.jsp
  And that all went well. But what do I do now? I took out those two permission lines from my java.policy file and it's back to square one. Do I need to do something with the .jar file that I created? Can someone give me a hand here? Thanks, I appreciate it

  Is this question really hard or something?

• Java applet security

  hello all, i was just wondering if there is any secure way to send information from a java applet to a server, for example a number for storage in a database? I would like to create a very simple game which send the high score back to the server without any possibility of that information being falsified.
  Thanks for any advice received.
  Dori

  Not really. You'd have to trust the users PC, which you can't.
  You can make it harder to submit wrong values, but you can't make it impossible.

• Applet security settings for Java 1.1.8

  I receive a security exception because an applet running with JRE 1.1.8 tries to call System.getProperties().
  Is there a way I can allow the applet to access the properties?
  I know that there is a way in new JRE's with the java.policy files but I haven't found any information about that kind of possibilty in 1.1.8
  Thanks

  Okay, let's say you do find a way to modify the java.policy file to circumvent the applet restrictions (I don't think you can fully, but let's just do so for argument's sake). Now, you have an applet. Downloadable code. Are you going to instruct users to modify their java.policy file locally? Does the IE or Oracle JVM even read that file?
  Sign the applet or make a full-blown, downloadable application (if using Swing, you will need to have users also bundle the Java 1.2 classes). You don't have too many options.
  - Saish
  "My karma ran over your dogma." - Anon