Archive of UserLand's first discussion group, started October 5, 1998.

Re: It's apparently an Apple MRJ 2.2 thing

Author:Larry Rosenstein
Posted:4/19/2000; 4:10:58 PM
Topic:MSIE5/Mac and security hole
Msg #:16419 (In response to 16407)
Prev/Next:16418 / 16420

It's almost certainly IE's problem, not MRJ's. I'm pretty sure that the combination of IE 4.5 and MRJ 2.2 would not exhibit the bug.

The combination of IE 5 and MRJ 2.2 is the only one where MRJ uses the host app's networking code. Therefore, the browser (In this case IE 5) has to be the one to enforce the security restriction on redirected HTTP requests.

I haven't used iCab at all, but it might not use the new JManager 2 (I think that's what it's called) interfaces, which is how this works. If the host app doesn't support this this, then MRJ uses its own networking code, which doesn't have the bug.

There are a few signs that will tell you whether MRJ is using its own networking code or not. If you try to access an applet on a password protected page, you'll have to login twice (once for the browser to access the HTML page and once for MRJ to access the Java code).

Also, an applet that relies on cookies coming from the browser (eg, Yahoo's Java portfolio manager) won'r work unless the browser is fully integrated with MRJ.




This page was archived on 6/13/2001; 4:54:51 PM.

© Copyright 1998-2001 UserLand Software, Inc.