[java] Applet security issue

my applet needs to download images from various other servers, is there a way to do this without signing it? if not, what is the easiest path to getting the applet signed?

You can sign it yourself, but of course the users will be asked
to trust you, or whoever signed the applet. If you want to
download images with no intervention, you'll have to do it through
a proxy located on the same site as the applet.

you could make a really simple php image proxy

getImage.php

You could create such a proxy in PHP (or some other server-side language) - that would be the easiest way.

But it should definitely do some security checks (such as that the image comes from a trusted site etc, protocol really is http) - the code shown by domstyledesign is VERY vulnerable to being attacked (It can be used to dump the contents of any local file). You might also want to limit the maximum size of the file proxied.

You probably also want to set the content-type header to the appropriate value.

Mark
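
The checks listed in the post above (trusted host, http only, size cap, correct content type), written out as an added example. It is not the code posted in this thread; the `url` parameter name, the host allowlist, the accepted types and the 5 MB cap are assumptions to adjust for your site.

```php
<?php
// getImage.php - added example, not the code posted in the thread.
// ALLOWED_HOSTS, ALLOWED_TYPES and MAX_BYTES are assumed values; set them for your site.
const ALLOWED_HOSTS = ['www.imageserver.com'];
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];
const MAX_BYTES     = 5 * 1024 * 1024;

function fail(int $status, string $reason): void {
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($reason);
}
$raw   = $_GET['url'] ?? '';                      // 'url' is an assumed parameter name
$parts = is_string($raw) ? parse_url($raw) : false;
if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
    fail(400, 'malformed url');
}
// "Protocol really is http": rejects file://, php://, ftp:// and bare local paths.
if (strtolower($parts['scheme']) !== 'http') {
    fail(400, 'only http is proxied');
}
// "Image comes from a trusted site": exact host match, no substring or suffix tests.
$host = strtolower($parts['host']);
if (!in_array($host, ALLOWED_HOSTS, true)) {
    fail(403, 'host not allowed');
}
// Rebuild the URL from validated parts (drops userinfo, port, fragment) before fetching.
$target = 'http://' . $host . ($parts['path'] ?? '/')
        . (isset($parts['query']) ? '?' . $parts['query'] : '');
// Do not follow redirects: a trusted host could otherwise bounce the request elsewhere.
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 10]]);
$in  = @fopen($target, 'rb', false, $ctx);        // needs allow_url_fopen enabled in php.ini
if ($in === false) {
    fail(502, 'upstream fetch failed');
}
// Read one byte past the cap so an oversized body is detected without buffering all of it.
$data = stream_get_contents($in, MAX_BYTES + 1);
fclose($in);
if ($data === false || strlen($data) > MAX_BYTES) {
    fail(502, 'upstream body missing or too large');
}
// Derive the type from the bytes themselves, not from the upstream header or extension.
$type = (new finfo(FILEINFO_MIME_TYPE))->buffer($data);
if (!in_array($type, ALLOWED_TYPES, true)) {
    fail(502, 'upstream did not return an image');
}
header('Content-Type: ' . $type);
header('Content-Length: ' . strlen($data));
header('X-Content-Type-Options: nosniff');
echo $data;
```

The host allowlist is the control that keeps the script from being used as a general-purpose relay; the scheme check alone only closes the local-file read.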

ok, thanks. this sounds like the way i want to go. the code you provided causes the following warnings:

Warning: file_get_contents(): URL file-access is disabled in the server configuration in .../getImage.php on line 1

Warning: file_get_contents(http://www.imageserver.com/current.jpg): failed to open stream: no suitable wrapper could be found in .../getImage.php on line 1

i have given it execute permissions along with read and write. something i'm missing?

EDIT: never mind, found the setting in the php.ini :) thanks guys

[Edited by - MaliciousDigit on October 8, 2007 1:16:44 PM]

wow. this is extremely slow. is there any way to speed it up other than getting a faster server?

Quote:
 Original post by markr
 But it should definitely do some security checks (such as that the image comes from a trusted site etc, protocol really is http) - the code shown by domstyledesign is VERY vulnerable to being attacked

I agree completely with this advice. If you do build a proxy, it should
be very restricted to proxying the files you intend it to. Otherwise, it WILL
be hijacked and you'll find your server acting as a major portal for porn
or something similar.

Quote:
 Original post by ddyer
 You can sign it yourself, but of course the users will be asked to trust you, or whoever signed the applet. If you want to download images with no intervention, you'll have to do it through a proxy located on the same site as the applet.

As a lesser of two evils, how do i sign it? leaving the image loading calls in makes them fail, so i'm assuming signing will allow you to do this if the user agrees.
i was trying to avoid making the user agree to anything, but the proxy server seems too slow for downloading the hi def images i'm doing.
i switched to fread based streaming and it helped, but the cost is still substantial since now two computers have to download the image.

there's a program called "jarsigner" in jdk
