
[java] Applet security issue

This topic is 3717 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.


You can sign it yourself, but of course the users will be asked
to trust you, or whoever signed the applet. If you want to
download images with no intervention, you'll have to do it through
a proxy located on the same site as the applet.

you could make a really simple php image proxy


getImage.php
<?php header("location: $_REQUEST[imageURL]") ?>


save that on your webserver and use like so:

String imageURL = "http://myserver/getImage.php?imageURL=http://imageshack.us/my_offsite_pic.png";

You could create such a proxy in PHP (or some other server-side language) - that would be the easiest way.

But it should definitely do some security checks (such as that the image comes from a trusted site etc, protocol really is http) - the code shown by domstyledesign is VERY vulnerable to being attacked (It can be used to dump the contents of any local file). You might also want to limit the maximum size of the file proxied.

You probably also want to set the content-type header to the appropriate value.

Mark

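The checks listed in the post above (http only, trusted site, size limit, content type), sketched as an added example that is not code from this thread. The host name, size cap and type list are assumptions; it needs `allow_url_fopen` enabled and the fileinfo extension.

```php
<?php
// getImage.php, restricted variant: added example, not code from the thread.
// ALLOWED_HOSTS, MAX_BYTES and ALLOWED_TYPES are assumed values; adjust to your site.
const ALLOWED_HOSTS = ['images.example.com'];   // hypothetical trusted image host
const MAX_BYTES     = 5 * 1024 * 1024;          // upper bound on a proxied file
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

function fail(int $code, string $msg): void {
    http_response_code($code);
    header('Content-Type: text/plain');
    exit($msg);
}

$url   = $_GET['imageURL'] ?? '';
$parts = is_string($url) ? parse_url($url) : false;

// Scheme must be http(s): rejects file://, php://, ftp:// and bare local paths.
if (!$parts || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
    fail(400, 'bad scheme');
}
// Exact host match against the allowlist; no userinfo, no substring matching.
if (isset($parts['user']) || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_HOSTS, true)) {
    fail(403, 'host not allowed');
}
if (isset($parts['port']) && !in_array($parts['port'], [80, 443], true)) {
    fail(403, 'port not allowed');
}

// Do not follow redirects: an allowed host could otherwise bounce the fetch elsewhere.
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 10]]);
$in  = @fopen($url, 'rb', false, $ctx);
if ($in === false) fail(502, 'fetch failed');

// Read at most MAX_BYTES + 1 so an oversized body is detected without buffering all of it.
$body = stream_get_contents($in, MAX_BYTES + 1);
fclose($in);
if ($body === false || strlen($body) > MAX_BYTES) fail(413, 'too large');

// Decide the type from the bytes, not from the upstream header or the file extension.
$type = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
if (!in_array($type, ALLOWED_TYPES, true)) fail(415, 'not an image');

header('Content-Type: ' . $type);
header('Content-Length: ' . strlen($body));
header('X-Content-Type-Options: nosniff');
echo $body;
```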
ok, thanks. this sounds like the way i want to go. the code you provided causes the following warnings:

Warning: file_get_contents(): URL file-access is disabled in the server configuration in .../getImage.php on line 1

Warning: file_get_contents(http://www.imageserver.com/current.jpg): failed to open stream: no suitable wrapper could be found in .../getImage.php on line 1

i have given it execute permissions along with read and write. something i'm missing?

EDIT: never mind, found the setting in the php.ini :) thanks guys

[Edited by - MaliciousDigit on October 8, 2007 1:16:44 PM]

Quote:
Original post by markr
But it should definitely do some security checks (such as that the image comes from a trusted site etc, protocol really is http) - the code shown by domstyledesign is VERY vulnerable to being attacked


I agree completely with this advice. If you do build a proxy, it should
be very restricted to proxying the files you intend it to. Otherwise, it WILL
be hijacked and you'll find your server acting as a major portal for porn
or something similar.

Quote:
Original post by ddyer
You can sign it yourself, but of course the users will be asked
to trust you, or whoever signed the applet. If you want to
download images with no intervention, you'll have to do it through
a proxy located on the same site as the applet.


As a lesser of two evils, how do i sign it? leaving the image loading calls in makes them fail, so i'm assuming signing will allow you to do this if the user agrees.
i was trying to avoid making the user agree to anything, but the proxy server seems too slow for downloading the hi def images i'm doing.
i switched to fread based streaming and it helped, but the cost is still substantial since now two computers have to download the image.
