The "base directory" for the applet is the directory containing the .jar file. Wherever that file is located sets the upper limit for hard disk reference of model files.
I guess the logic is that if you can read that file, because it exists, then you should be able to use it to read anything below it on the path. The point, I think, is that the HTML file should not be the base for applet purposes. The jmol.js file can be anywhere on any server; no security issue there.
Bob
Miguel wrote:
Per my previous comment, accessing files above the "document base" of the .html file will have security problems on some systems.
Specifically what systems, Miguel?
Don't remember ...
It seems to me that it should be an error on every system. You are accessing the parent directory ... something outside the document base where you started.
One can look at subdirectories. If one can also look at a parent directory then it seems to me that one should be able to get anyplace on the hard drive ... so I am puzzled.
I have not observed this ever. My observation is that you can use "../" as long as the applet jar file is in the path of the xyz files.
Sorry, I do not understand this sentence.
You make reference to the xyz files, but not to the .html file.
Far as I know, the .js file can be anywhere, on any server or anywhere on the hard drive. No matter there.
That does not make any sense to me ... Is it really true?
But if there really is a system that is broken by accessing files above the "document base," then I'd like to know specifically what that system is.
Clearly I am missing something :-(
In this area of applet security I suspect that there are effectively only three Java Virtual Machines, only 2 of which are interesting:
1. MSFT IE + MSFT JVM
2. Any system with Sun Java Plug-in
   * Win
   * OSX
   * Linux/Unix
3. Netscape 4.* on Win32 -- NOT REALLY OF ANY INTEREST
With respect to the applet security sandbox, I believe that the Sun Java Plug-in (1.4 or greater) *should* behave the same ... regardless of OS, regardless of browser. IF SOMEONE HAS EVIDENCE TO THE CONTRARY PLEASE SPEAK UP.
The 'document base' is the place where the .html file is loaded from.
I think that this is the list of file types that need to be loaded to build a page:
0. .html file - the 'document base'
1. <IMG src=XXXXX> image files
2. .css style sheet files
3. .js JavaScript files ... in our case Jmol.js
4. .jar Applet files ... in our case JmolApplet*.jar
5. data files ... in our case .xyz, .pdb, etc.
These are the directory locations relative to the 'document base':
1. same directory - './'
2. subdirectory - 'subdir/'
3. parent directory - '../'
4. sibling directory - '../sibling'
So, I think the test matrix is
5 file types X 4 relative locations X 2 JVMs
MSFT JVM
              image   .css   .js   .jar   data
./
subdir/
../
../sibling/

SUN Java Plug-in
              image   .css   .js   .jar   data
./
subdir/
../
../sibling/
We should try to fill out this test matrix with yes/no answers.
Miguel
------------------------------------------------------- This SF.Net email is sponsored by: New Crystal Reports XI. Version 11 adds new functionality designed to reduce time involved in creating, integrating, and deploying reporting solutions. Free runtime info, new features, or free trial, at: http://www.businessobjects.com/devxi/728 _______________________________________________ Jmol-users mailing list Jmol-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jmol-users
-- Robert M. Hanson, [EMAIL PROTECTED], 507-646-3107 Professor of Chemistry, St. Olaf College 1520 St. Olaf Ave., Northfield, MN 55057 mailto:[EMAIL PROTECTED] http://www.stolaf.edu/people/hansonr
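Added example, not part of the original thread and not Jmol or JVM code: a small model of the rule described at the top of this message (data files are readable only at or below the directory holding the applet .jar), applied to the four relative locations of the proposed test matrix. The function names and the sample paths are hypothetical, and the rule itself is taken as an assumption from the message, not as verified JVM behaviour.

```javascript
// Added example: models the rule stated in the message (data files are readable
// only at or below the directory holding the applet .jar). Not JVM sandbox code.

// Directory part of a URL, always ending in "/".
function dirOf(url) {
  const u = new URL(url);
  u.search = "";
  u.hash = "";
  u.pathname = u.pathname.slice(0, u.pathname.lastIndexOf("/") + 1);
  return u;
}

// Resolve `ref` as written in the page against the document base, then compare
// the result with the document base and with the jar's directory.
function checkModelPath(htmlUrl, jarRef, ref) {
  const docBase = dirOf(htmlUrl);
  const jarBase = dirOf(new URL(jarRef, docBase).href);
  const target = new URL(ref, docBase); // the URL parser collapses "./" and "../"
  const under = (base) =>
    target.protocol === base.protocol &&
    target.host === base.host &&
    target.pathname.startsWith(base.pathname); // base ends in "/", so "/pages2" != "/pages/"
  return {
    resolved: target.href,
    outsideDocumentBase: !under(docBase),
    withinJarBase: under(jarBase),
  };
}

// The four relative locations from the proposed test matrix, for one data file.
function locationMatrix(htmlUrl, jarRef, fileName) {
  const rows = {};
  for (const loc of ["./", "subdir/", "../", "../sibling/"]) {
    rows[loc] = checkModelPath(htmlUrl, jarRef, loc + fileName).withinJarBase;
  }
  return rows;
}

// Constructed sample layout (hypothetical paths).
const HTML = "file:///home/user/jmol/pages/demo/index.html";
console.log(locationMatrix(HTML, "JmolApplet.jar", "caffeine.xyz"));
console.log(locationMatrix(HTML, "../JmolApplet.jar", "caffeine.xyz"));
console.log(checkModelPath(HTML, "../JmolApplet.jar", "../../caffeine.xyz"));
```

Comparing the predicted yes/no values with what each JVM actually does for data files is one way to fill in the data column of the matrix.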