Re: Java applet security, exportability, Jon Postel haiku

Perry E. Metzger (perry@piermont.com)
Mon, 26 Oct 1998 11:22:47 -0500

• Next message: DreadThyme@aol.com: "whoCodherPlunks"
• Previous message: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Bill Frantz: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Bill Frantz: "Re: Java applet security, exportability, Jon Postel haiku"

"David R. Conrad" writes:
> Primarily, what I'm concerned about is the security of the protocol that's
> used between the applet and the server. (Secondarily, I'm concerned about
> exporting it and/or having an unexportable java applet embedded in a web
> page that's accessible outside the U.S. and Canada.)

My suggestion: why re-implement what is already available in the
program? The java applet is allowed to open an https: URL on the
server if it wishes. Have it do so, and download your session keys
that way.

I've built several systems already that use this trick. 'taint pu'rty,
but it does the job.

Perry

• Next message: DreadThyme@aol.com: "whoCodherPlunks"
• Previous message: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Bill Frantz: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: Bill Frantz: "Re: Java applet security, exportability, Jon Postel haiku"