
Applet: best way to protect public methods?


VK

May 8, 2010, 10:30:30 PM
I have an applet (extends Applet) that does Java <=> JavaScript
either-way communication on the page. The problem I'm having is with
the init(), start(), run(), stop(), destroy() redefined applet methods.
They are public and I can do nothing easy about it: "attempting to
assign weaker access privileges; was public".
The problem is that, the way the JavaScript => Java LiveConnect
interface was made, as long as interop is enabled, all public applet
methods can be called from JavaScript, say
    window.alert( document.applets['MyApplet'].getAppletInfo() );

Unfortunately it also means that the infamous "malicious user" - or
simply a careless one - can easily bring the system into a very sorry
state by calling, say,
    document.applets['MyApplet'].init();
or
    document.applets['MyApplet'].start();
etc. over and over again from within JavaScript. So far I am using
a "single-use locker" wrapper like:

    boolean isFirstInit = true;

    public void init() {
        // Do the init work only on the first call; later calls do nothing.
        if (isFirstInit) {
            // DO init stuff
            isFirstInit = false;
        }
    }

and the same for isFirstStart. I don't think it can work for run() as,
if I understand properly, its whole purpose is to be called over and
over. The problem is to make sure that it's an auto call on
myThread.start() and not some bored mind's call from JavaScript.

Any suggestions and corrections are most welcome.

Roedy Green

May 9, 2010, 1:02:01 PM
On Sat, 8 May 2010 19:30:30 -0700 (PDT), VK <school...@gmail.com>
wrote, quoted or indirectly quoted someone who said :

>
>Unfortunately it also means that the infamous "malicious user" - or
>simply a careless one - can easily bring the system into a very sorry
>state by calling, say,
>    document.applets['MyApplet'].init();


He would only hurt himself. That's fine. You can't protect people
from committing suicide.
--
Roedy Green Canadian Mind Products
http://mindprod.com

What is the point of a surveillance camera with insufficient resolution to identify culprits?

VK

May 11, 2010, 6:10:40 PM
On May 9, 9:02 pm, Roedy Green <see_webs...@mindprod.com.invalid>
wrote:
> On Sat, 8 May 2010 19:30:30 -0700 (PDT), VK <schools.r...@gmail.com>

> >Unfortunately it also means that the infamous "malicious user" - or
> >simply a careless one - can easily bring the system into a very sorry
> >state by calling, say,
> >    document.applets['MyApplet'].init();
>
> He would only hurt himself.  That's fine. You can't protect people
> from committing suicide.

Sometimes one can prevent a suicide :-) :-| - but overall very true.
Yet it is intended to be a self-contained application anyone can
download and use for a project (UDP broadcast listener over
DatagramSocket with JavaScript notifier). In such cases I prefer to
have AID (Anti-Idiot Defence) set, so I could state in docs that with
such and such usage one gets such results, and with other attempts it
leads to an error/exception of such kind. With the current Applet
native methods implementation I cannot state that, because I honestly
don't know what the system reaction would be to manual calls of, say,
start() or run() from within JavaScript. It seems that Sun has no clue
either - this outcome was simply overlooked when introducing
LiveConnect interfaces back in 1996. I would be glad to stand
corrected.
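
One way to give scripted lifecycle calls a documented, repeatable outcome, as an added example that is not part of the thread: a small state machine turns out-of-order or repeated init(), start(), stop() and destroy() calls into no-ops, and the thread body sits in a private nested class so the applet has no public run(). GuardedApplet, Listener and the sleep placeholder are hypothetical, and the code assumes a JDK that still ships java.applet.

```java
import java.applet.Applet;
// Added example (not from the thread). GuardedApplet and Listener are hypothetical names.
public class GuardedApplet extends Applet {
    private enum State { NEW, READY, RUNNING, DESTROYED }
    private final Object lock = new Object(); // private monitor for all state changes
    private State state = State.NEW;
    private Thread worker;

    @Override public void init() {
        synchronized (lock) {
            if (state != State.NEW) return;   // repeated or late call: no-op
            // one-time setup goes here
            state = State.READY;
        }
    }

    @Override public void start() {
        synchronized (lock) {
            if (state != State.READY) return; // not initialised, already running, or destroyed
            worker = new Thread(new Listener(), "listener");
            worker.setDaemon(true);
            worker.start();
            state = State.RUNNING;
        }
    }

    @Override public void stop() {
        synchronized (lock) {
            if (state != State.RUNNING) return; // nothing to stop
            worker.interrupt();
            worker = null;
            state = State.READY;                // a later start() may resume
        }
    }

    @Override public void destroy() {
        stop();
        synchronized (lock) { state = State.DESTROYED; } // terminal: later calls are no-ops
    }

    // The thread body is a private nested class, so the applet itself has no public run().
    private final class Listener implements Runnable {
        @Override public void run() {
            while (!Thread.currentThread().isInterrupted()) {
                try { Thread.sleep(1000); }   // placeholder for the listener's work
                catch (InterruptedException e) { return; }
            }
        }
    }
}
```

A scripted stop() cannot be told apart from the browser's own call, so here it simply pauses the listener until the next start().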

