JDK-4183204 : client-side multiplexing should be disabled
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.rmi
  • Affected Version: 1.2.0
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_2.5
  • CPU: sparc
  • Submitted: 1998-10-21
  • Updated: 2015-06-11
  • Resolved: 1999-02-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.2.2 1.2.2Fixed
Related Reports
Relates :  
JDK-8087189 - RMI server-side multiplex protocol support should be removed
Relates :  
JDK-4257730 - Client initiated multiplex RMI socket connectivity disabled in JDK 1.2.2
Relates :  
JDK-4145254 - Stream-mode connections should be closed when the multiplexer is needed
Relates :  
JDK-4161204 - multiplexed connections does not work across firewall
Description
The use of multiplexing to the client bypasses intended security
checks.  It was initially introduced to allow callbacks to applets
which were impossible to do because the Netscape browser's security
manager did not allow applets to listen on a socket on an anonymous
port.

Client-side multiplexing should not be initiated and support
for it should be removed.  The server-side multiplexing should remain
to be backwards compatible with earlier releases that use client-side
multiplexing.
Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.2.2 FIXED IN: 1.2.2 INTEGRATED IN: 1.2.2
14-06-2004
EVALUATION The RMI team desires to disallow the ability to abuse connection multiplexing in rmi. lairdd@east 1998-10-28 Fixed as described for 1.2.2. peter.jones@East 1999-02-10
28-10-1998