Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail
From: Joshua Cranmer <Pidgeot18@verizon.invalid>
Newsgroups: comp.lang.java.programmer
Subject: Re: tools for programming applets
Date: Sat, 21 May 2011 12:55:33 -0400
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <ir8qq6$d27$1@dont-email.me>
References: <028d2009-98b7-43a3-b02d-83eaa89db79e@glegroupsg2000goo.googlegroups.com> <ir6sfe$8sg$1@dont-email.me> <ir7023$2l0$1@news.albasani.net> <d9f939a9-fddf-45df-9935-3bef2b11ed4f@r27g2000prr.googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 21 May 2011 16:55:34 +0000 (UTC)
Injection-Info: mx04.eternal-september.org; posting-host="zgGiVcngUBCkGsQLJRkLEg"; logging-data="13383"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/4mrol0S9ZSxCkAEk94B/+sDOfOz08Fus="
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16pre) Gecko/20110305 Lightning/1.0b3pre Thunderbird/3.1.10pre
In-Reply-To: <d9f939a9-fddf-45df-9935-3bef2b11ed4f@r27g2000prr.googlegroups.com>
Cancel-Lock: sha1:N+5n9m1s+kjtsvPIr4yTg9/aukc=
Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:4388

On 05/21/2011 12:10 PM, horos22 wrote:
> Frankly I'm surprised there isn't something like this. I can
> understand why it wouldn't be the standard or if you'd need a
> directive to javarun that requires authentication from the remote
> server to provide security for a non-standard local applet, but really
> - needing to rebuild the whole environment to just test a new applet
> strikes me as using a tail to wag the dog.

Java applets were designed to be as secure as possible. Hence why, for 
example, they are forbidden from opening a network connection to 
anywhere other than their source domain. Allowing you to replace your 
own applet to run in another's context domain is a recipe for security 
holes; in principle, you could allow the server to list other applets 
that can run in their domain (in similarity to how CORS stuff works), 
but that is essentially the same level of changes needed as hosting 
another copy of the applet.

-- 
Beware of bugs in the above code; I have only proved it correct, not 
tried it. -- Donald E. Knuth