>> Per my previous comment, accessing files above the "document base" of the
>> .html file will have security problems on some systems.
>>
>
> Specifically what systems, Miguel?
Don't remember ...
It seems to me that it should be an error on every system. You are
accessing the parent director ... something outside the document base
where you started.
One can look at subdirectories. If one can also look at a parent directory
then it seems to me that one should be able to get anyplace on the hard
drive ... so I am puzzled.
> I have not observed this ever. My observation is that you can use "../"
> as long as the applet jar file is in the path of the xyz files.
Sorry, I do not understand this sentence.
You make reference to the xyz files, but not to the .html file.
> Far as I know, the .js file can be anywhere, on any server or
> anywhere on the hard drive. No matter there.
That does not make any sense to me ... Is it really true?
> But if there really is a system that is broken by accessing files above
> the "document base," then I'd like to know specifically what that system is.
Clearly I am missing something :-(
In this area of applet security I suspect that there are effectively only
three Java Virtual Machines, only 2 of which are interesting:
1. MSFT IE + MSFT JVM
2. Any system with Sun Java Plug-in
   * Win
   * OSX
   * Linux/Unix
3. Netscape 4.* on Win32 -- NOT REALLY OF ANY INTEREST
With respect to the applet security sandbox, I believe that the Sun Java
Plug-in (1.4 or greater) *should* behave the same ... regardless of OS,
regardless of browser. IF SOMEONE HAS EVIDENCE TO THE CONTRARY PLEASE
SPEAK UP.
The 'document base' is the place where the .html file is loaded from.
I think that this is the list of file types that need to be loaded to
build a page:
0. .html file - the 'document base'
1. <IMG src=XXXXX> image files
2. .css style sheet files
3. .js JavaScript files ... in our case Jmol.js
4. .jar Applet files ... in our case JmolApplet*.jar
5. data files ... in our case .xyz, .pdb, etc.
These are the directory locations relative to the 'document base'
1. same directory - './'
2. subdirectory - 'subdir/'
3. parent directory - '../'
4. sibling directory - '../sibling'
So, I think the test matrix is
5 file types X 4 relative locations X 2 JVMs

MSFT JVM              image   .css    .js     .jar    data
./
subdir/
../
../sibling/

SUN Java Plug-in      image   .css    .js     .jar    data
./
subdir/
../
../sibling/

We should try to fill out this test matrix with yes/no answers.
Miguel
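
The four relative locations and the test matrix from the message above, as an added example that is not part of the original post or of Jmol: it resolves each reference against the document base the way a browser does and generates the empty matrix to fill in. The document base URL, the file names and the function names are assumptions, and the "other origin" and "higher ancestor" cases go beyond the four locations listed.

```javascript
// Added example. DOC_BASE and the file names are constructed sample values.
const DOC_BASE = "http://example.org/site/demo/index.html";
const FILE_TYPES = ["image", ".css", ".js", ".jar", "data"];
const LOCATIONS = ["./", "subdir/", "../", "../sibling/"];
const JVMS = ["MSFT JVM", "Sun Java Plug-in"];

// Directory part of a URL path, always ending in "/".
function dirOf(url) {
  return url.pathname.slice(0, url.pathname.lastIndexOf("/") + 1);
}

// "/site/demo/" -> "/site/"; the root directory is its own parent.
function parentDir(dir) {
  return dir === "/" ? "/" : dir.slice(0, dir.lastIndexOf("/", dir.length - 2) + 1);
}

// Classify a reference by where it lands after URL resolution, so a
// path such as "subdir/../../x" is judged by its target, not its prefix.
function classify(ref, docBase = DOC_BASE) {
  const base = new URL(docBase);
  const target = new URL(ref, base); // resolves "./" and "../" segments
  if (target.origin !== base.origin) return "other origin";
  const baseDir = dirOf(base);
  const targetDir = dirOf(target);
  if (targetDir === baseDir) return "same directory";
  if (targetDir.startsWith(baseDir)) return "subdirectory";
  if (targetDir === parentDir(baseDir)) return "parent directory";
  if (baseDir.startsWith(targetDir)) return "higher ancestor";
  if (targetDir.startsWith(parentDir(baseDir))) return "sibling directory";
  return "elsewhere on this origin";
}

// One row per JVM x location x file type; "loads" is left for the tester.
function buildMatrix() {
  const rows = [];
  for (const jvm of JVMS)
    for (const location of LOCATIONS)
      for (const type of FILE_TYPES)
        rows.push({ jvm, location, where: classify(location + "sample"), type, loads: "?" });
  return rows;
}

console.log(buildMatrix().length, "cells to fill in");
console.log(classify("subdir/../../caffeine.xyz")); // parent directory
```

The classification says only where a reference points relative to the document base; whether each JVM actually loads it is the yes/no answer the matrix is meant to collect.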