JDK-4876235 : SocketService - Allow user to grant app "connect" permission to hosts other than the download host.
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 1.4.2
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: x86
  • Submitted: 2003-06-09
  • Updated: 2017-05-19
  • Resolved: 2005-06-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 b28Fixed
Related Reports
Relates :  
Description

Name: nt126004			Date: 06/09/2003


A DESCRIPTION OF THE REQUEST :
JWS is missing a SocketService that works the same way the PersistenceService, PrintService, ClipboardService, etc.. work.

JUSTIFICATION :
There is a clear need to interoperate with and leverage existing corporate services. Currently secure Java applications (unsigned) are unable to interoperate with existing corporate services solely because of a lack of a SocketService. Examples of Java's inability to interoperate:
1. Web Services (SOAP)
2. WebDAV
3. Access to financial systems (ACCPAC, QuickBooks, etc... which use TCP/XML to communicate)

Signing applications is a step backwards to the virus and spyware ridden world of the 1990's. A SocketService gives the user total control over when a TCP connection is made and where it is made to. I believe that this is the last missing service and that fine-grained security manager would be unnecessary if a SocketService were available.

I have written a short paper on why signing applications is a non-starter here:
http://www.scheduleworld.com/itsYourLife.html

Running unsigned applications is the perfect secure system and a special edge that .NET does not have.

However, obviously the inability to work together with other services over the network (doesn't McNealy state the N in SUN stands for Network?) is a serious oversight. Please correct it.

Thank you.
(Review ID: 187392) 
======================================================================

Comments
SUGGESTED FIX see webrev at: http://web-east.east/www/webrevs/andy/1.6.0/4876235/ ###@###.### 2005-2-04 15:39:23 GMT
2005-02-04

EVALUATION This sounds like a very usefull rfe, unfortunately, we have just finished our proposed specification changes for tiger, and may not be able to implement this untill mustang, unless it is escallated. ###@###.### 2003-06-16 It may be possible to implement this w/o an API or a spec change, similar to how printing is now handled through the security manager. If we override checkPermission in JavaWebStartSecurity, we can catch a security exception and just re-throw if not asking for a socket permission, or if configuration dosn't allow or user doesn't accept a security dialog. ###@###.### 2005-1-06 16:51:37 GMT
2005-01-06