Hi Samuel!

11 Apr 2002, "Samuel W. Heywood" <[EMAIL PROTECTED]> wrote:

 SH> I am aware of some web sites that have online Java Applets being
 SH> Telnet clients which are purportedly very useful for connecting
 SH> to Telnet services.  I hesitate to use any one of those Java Applet
 SH> Telnet programs because of security concerns.
Java has a big advantage ... it runs on the client side.

 SH> Would the web site be able to capture everything I do during my Telnet
 SH> session, to include login usernames and passwords?
Normally not ... but it depends what the applet does.
I.e. if it is malicious it could copy all characters to another server.

_BUT_ the biggest security risk is telnet itself.
It transmits and receives in CLEAR !!! (ie not encrypted)
So you don't need a malicious program to read the session !

Use SSH (secure shell) instead.
It is an "encrypted telnet" which offers scp/sftp capabilities.
scp is a secure version of rcp (remote copy)
sftp -> secure ftp

If you don't trust those applets in the wild, download an applet from a
secure source and install it into a free webspace provider.

 SH> Most people including myself are paranoid about Java because it is
 SH> so easily employable for evil and malicious purposes.
It is not !
Actually Java tries to be VERY secure. (runs in a sandbox, per default has
minimal rights only)

Maybe you mixed it up with M$ active-x ??
This has absolutely _NO_ security measures !!!

 SH> Another reason why most people are paranoid about Java is that most of
 SH> us don't understand Java.
It's a programming language like C, Cobol, BASIC et al.
Only difference is that applets (not applications) have enormous security
restrictions, and that Java is a mixture between compiled and interpreted
language.

In order to be platform independent, SUN has specified a "virtual
processor" (called the Java VM)
.java source files are compiled to produce java bytecode (.class files)
(machine language for the virtual processor)
This bytecode is then interpreted by the Java VM.
(and can also be compiled to native code ... then you naturally lose the
platform independence)

 SH> Do we know what these Telnet Java Applets do?  Are they safe?
It depends ... (usually yes but unless you have read the source you can
never know what it does)
This is completely independent of the programming language.

I.e. if you haven't read the Arachne source, you can't be sure what she does.

I personally use an ssh applet downloaded from a secure source.
(giving the URL will not help as it can only connect to 1 computer
configured in the config file of the applet)

If you want I can send you the applet in private mail.

 SH> Sam Heywood

CU, Ricsi

-- 
|~)o _ _o  Richard Menedetter <[EMAIL PROTECTED]> {ICQ: 7659421} (PGP)
|~\|(__\|  -=> COMMAND: A suggestion made to a computer <=-
