|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Daniel Kasmeroglu (daniel.kasmeroglu
web.de)Date: Fri Aug 24 2001 - 17:58:58 CDT
During work I've found out that the combination of the
Java Plugin 1.4 with the JRE 1.3 doesn't handle
certificates properly. An applet signed with an
outdated certificate shouldn't be able to get access to
the filesystem on the client machine. However this
happens when using the named combination. So my
applet was able to do some filesystem operations
without a valid certificate. For better bugtracking I've
generated some files (HTML,JSP,Applet,Certificate)
to reproduce this problem.
Here you'll find these files:
http://user.cs.tu-berlin.de/~raptor/SecurityFault/
Starting point is the file SecurityFault.html .If you got
JBuilder a corresponding project file is included.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]