Bugtraq mailing list archives
Re: open socket in java
From: toby () PEOPLESEARCH COM AU (Toby Chamberlain)
Date: Fri, 5 Feb 1999 11:04:24 +1000
nino worte: <snip>
The implications are obvious. If any host can connect to the machine running the aplet, you could tell java to do things like the boserver. If you have a completely open socket, its rock n' roll !
<snip> I may be missing something here, but from what I understand of the bug it _doesn't_ constitute a major security issue. All it means is that we have an open socket to a Java APPLET - (note: *not* a Java application) - running on the machine, and are still subject to the "sandbox" restrictions that applets have. We can't read/write files on the local machine or do anything that we couldn't do with an applet anyway. Please correct me if I'm wrong, but I don't think it's anything to get too excited about kiddies - the Java/Javascript combo that let's you read files (posted on bugtraq a month or so ago) is much more interesting:) Stay cool, Toby
Current thread:
- open socket in java nino (Feb 03)
- <Possible follow-ups>
- Re: open socket in java Aviram Jenik (Feb 04)
- Re: open socket in java Hale (Feb 05)
- Re: open socket in java Lincoln Stein (Feb 05)
- Re: open socket in java Tim Wright (Feb 09)
- Re: open socket in java Toby Chamberlain (Feb 04)
- Re: open socket in java Simon Kilvington (Feb 05)
- Re: open socket in java Posick, Steve (Feb 09)
- FW: open socket in java Nin|a405 (Feb 11)
- Re: open socket in java Simon Kilvington (Feb 12)