OSEC

From: vertigo (vertigopanix.com)
Date: Sun Jul 08 2001 - 14:56:58 CDT

    Um, there seem to be a few chunks missing and misspelled in
    that email. Please excuse the typos and refer to the Java
    security FAQ at http://java.sun.com/sfaq/

    The sentence: " I will define use a Persisten Connection as
    simply a Socket connection." This is absurdly incorrect. It
    should read: "I will define a persistent connection as simply
    a socket connection."

    vertigo

    On Sun, 8 Jul 2001, vertigo wrote:

    > Oscar,
    >
    > There are a couple ways one can create a persistent connection
    > from a browser to a server. The first uses Java, and the second
    > would use an ActiveX control. In this explanation I will define
    > use a Persisten Connection as simply a Socket connection. This
    > is due to the fact that, according to the Java Security FAQ "There
    > is no explicit support ins the JDK applet API for persistent state
    > on the client side.
    >
    > The Java security model has fairly strict control over socket
    > communication. Applets can only open sockets to the originating
    > server.
    >
    > The ActiveX security model is significantly more relaxed. According
    > to Microsoft, "ActiveX controls can live and play outside the "sandbox."
    > ActiveX controls have the full creative power of the Win32 API, and
    > aren't limited to just a simple object model." A good reference regarding
    > ActiveX security is:
    >
    > http://support.microsoft.com/support/kb/articles/q174/3/60.asp
    >
    > I hope this helps.
    >
    > Nathan Groupp
    > Developer
    >
    > p.s. I only put my name up there because I've been unemployed
    > since March. :(
    >
    >
    > On Sun, 8 Jul 2001, Oscar Batyrbaev wrote:
    >
    > > Hi,
    > >
    > > There are a lot of new applications that maintain a persistent connection to
    > > some code running in the browser's address space, etc. and their
    > > "proprietary" HTTP servers (for example KnowNow).
    > >
    > > Questions:
    > > 1. Does this represent a security risk?
    > > 2. How do they maintain a persistent connection?
    > >
    > > Thanks.
    > >
    > >
    >
    >