How to accept resolv on all hosts?

Hi,

My web application is running under a security policy and I don't know how to write a rule to allow the application to resolve all host names. Is it possible to write a policy rule like:

grant codeBase"file:/usr/local/webapps/myapp/-"{

permission java.net.SocketPermission"*","resolve";

....

};

According to the SocketPermission javadoc, the "*" is only allowed at the left of a domain suffix and this former syntax is not supported.

How can I write such a rule?

Thanks for any hint.

[674 byte] By [genepia] at [2007-10-1 22:19:53]

«« JSP, Beans and strange character representation
»» creating games

# 1

Using "*" as host name is perfectly valid in socket permissions.

almhe03a at 2007-7-13 8:33:49 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

# 2

You are perfectly right! Looking at the source code for SocketPermission, at least for JDK1.5:

// is this a domain wildcard specification

if (host.lastIndexOf('*') > 0) {

throw new

IllegalArgumentException("invalid host wildcard specification");

} else if (host.startsWith("*")) {

wildcard = true;

if (host.equals("*")) {

cname = "";

} else if (host.startsWith("*.")) {

The conclusion: never trust javadoc, but experiment!

Thanks.

genepia at 2007-7-13 8:33:49 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

How to accept resolv on all hosts?

Security New Topic

Security Hot Topic

Security

All Classified