--- see bottom for my reply ---
On Tue, 26 Jan 1999, PAX! wrote:
>Hi all,
>
>I'm still developing my small application (I placed de question about
>printing a few days ago), and now I have another strange problem.
>
>I'm trying to connect via JDBC with a Postgres database. If I run with
>appletviewer or in a frame as standalone application, everything seems
>to be all right, the connection takes place succesfully. But if I try to
>connect from Netscape, I get this exception (with exactly the same code
>as before). The console logs this:
>
>
>netscape.security.AppletSecurityException: security.Couldn't connect to
>'localhost' with origin from 'local-classpath-classes'.
> at
>netscape.security.AppletSecurity.checkConnect(AppletSecurity.java:773)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
> at java.net.InetAddress.getAllByName0(InetAddress.java:457)
> at java.net.InetAddress.getByName(InetAddress.java:367)
> at java.net.Socket.<init>(Socket.java:123)
> at postgresql.PG_Stream.<init>(PG_Stream.java:35)
> at postgresql.Connection.<init>(Connection.java:188)
> at postgresql.Driver.connect(Driver.java:87)
> at java.sql.DriverManager.getConnection(DriverManager.java:90)
> at java.sql.DriverManager.getConnection(DriverManager.java:132)
> at TestConexion.conexionJDBC(TestConexion.java:82)
> at TestConexion.init(TestConexion.java:40)
>* at
>netscape.applet.DerivedAppletFrame$InitAppletEvent.dispatch(DerivedAppletFrame.java:553)
> at
>java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispatchThread.java:81)
> at java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
> at
>netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(DerivedAppletFrame.java:911)
>
>I've tried a lot of things. Since Netscape seems to use jdk 1.1.5, I use
>only awt components to be sure. Should I digitally sign the Applet? Is
>there any way to disable security checks in Netscape ? Or it's another
>thing ?
>
>Aaaaaaaaaaaaaaaaaaaaaaaaaaaarg !!!
Yes, you are being blocked by Netscape's security manager. This is
working as designed. An Applet is not allowed to open a socket with any
host other that the host from which it was loaded. This is to prevent an
Applet from behaving like a Trojan Horse. i.e. An applet could get loaded
on a machine behind a firewall and use the trusted status of that machine
to gain access to other machines behind the firewall.
Now that we've established that, how do you correct this problem?
One way to do it would be to have the applet connect to a postmaster
running on the web-server. This makes perfect sense anyway because you
can't be sure that every machine running a browser also has the postgres
backend running (?).
You must also make sure you are running the postgres backend with the "-i"
option to enable the BSD socket interface.
If you wish to run your postgres backend on a 3rd machine, an easy way to
do this would be to run a program called "datapipe" on your web-server.
The datapipe application simply reroutes traffic on a specific host/port
to another host/port.
I'm not posting this to the list because its not really Java/Linux. I
hope it helps.
--
/*****************************************************
* Douglas Toltzman
* President/CEO, Oak Street Software, Inc.
*
* phone: 910-326-6210
* email: [EMAIL PROTECTED]
* URL: http://www.oakstrsft.com/
******************************************************/
