From: vertigo (vertigopanix.com)
Date: Sun Jul 08 2001 - 13:05:50 CDT

    Oscar,

    There are a couple ways one can create a persistent connection
    from a browser to a server. The first uses Java, and the second
    would use an ActiveX control. In this explanation I will define
    a Persistent Connection as simply a Socket connection. This
    is due to the fact that, according to the Java Security FAQ, "There
    is no explicit support in the JDK applet API for persistent state
    on the client side."

    The Java security model has fairly strict control over socket
    communication. Applets can only open sockets to the originating
    server.

    The ActiveX security model is significantly more relaxed. According
    to Microsoft, "ActiveX controls can live and play outside the "sandbox."
    ActiveX controls have the full creative power of the Win32 API, and
    aren't limited to just a simple object model." A good reference regarding
    ActiveX security is:

       http://support.microsoft.com/support/kb/articles/q174/3/60.asp

    I hope this helps.

    Nathan Groupp
    Developer

    p.s. I only put my name up there because I've been unemployed
         since March. :(

    On Sun, 8 Jul 2001, Oscar Batyrbaev wrote:

    > Hi,
    >
    > There are a lot of new applications that maintain a persistent connection to
    > some code running in the browser's address space, etc. and their
    > "proprietary" HTTP servers (for example KnowNow).
    >
    > Questions:
    > 1. Does this represent a security risk?
    > 2. How do they maintain a persistent connection?
    >
    > Thanks.
    >
    >