Thread: Netscape.security.AppletSecurityException on db Connect

Are you accessing your webserver as 127.0.0.1?  Applets can only make
connections back to the server that they originated from unless they are
signed or given special permissions in the java security property files.

If you are looking for wide distribution, I like have my applet talk to
a servlet that does all of the database access (you can do this over
HTTPS if security is an issue), and then I have the servlet return CSV
or XML formatted data over the HTTPS connection.  This kills two birds
-- the servlet can make a DB connection to anywhere it wants, and you
don't have to distribute the postgresql JDBC driver to your clients.

Hope that helps....

Tim

On Wed, 2002-05-29 at 20:57, PaulU71555@aol.com wrote:
> Greetings.
>
> I attempt the following in an applet named PWEntry.class and in an application
> named TextInterface.class to connect to a local postgres database named ctfilm
> as user Paul with no password:
>
> url = "jdbc:postgresql://127.0.0.1/ctfilm?user=Paul&password=NONE";
> .
> .
> DriverManager.getConnection(url, "Paul", "");
>
> This works fine from command line application; trying to load the applet into
> Netscape produces this error:
>
> netscape.security.AppletSecurityException: security.Couldn't connect to
> '127.0.0.1' with origin from 'local-classpath-classes'.
>
> The line in my html is:
> <APPLET CODE = "PWEntry.class">
> </APPLET>
>
> I'm using Apache.  Environment variable CLASSPATH contains the path of the
> html
> file calling the applet, which is /var/www/html/Yvonne.  In httpd.conf, I have
> the following lines:
>
> <Directory /var/www/html/Yvonne>
> Options All Multiviews
> Allow Override None
> Order allow,deny
> Allow from all
> </Directory>
>
> I am now out of my depth, and would be grateful for any assistance anyone can
> throw my way.
>
> Paul
>
--
/*************************************************************************
 * Tim Freund -- tim@technofreund.com
 * GnuPG Key ID: 77DEB64A -- Securify your life at http://pgp.mit.edu
 *
 * "It turns out that an eerie type of chaos can lurk just behind a
facade
 *  of order -- and yet, deep inside the chaos lurks an even eerier type
 *  of order." -- Douglas Hofstadter

*************************************************************************/

PaulU71555@aol.com writes:

> Greetings.
>
> I attempt the following in an applet named PWEntry.class and in an application
> named TextInterface.class to connect to a local postgres database named ctfilm
> as user Paul with no password:
>
> url = "jdbc:postgresql://127.0.0.1/ctfilm?user=Paul&password=NONE";
> .
> .
> DriverManager.getConnection(url, "Paul", "");
>
> This works fine from command line application; trying to load the applet into
> Netscape produces this error:
>
> netscape.security.AppletSecurityException: security.Couldn't connect to
> '127.0.0.1' with origin from 'local-classpath-classes'.

This brings back fond memories of my own struggles with browser VMs.  Check
the URL that you're using to run the applet.  You'll need to explicitly load
http://127.0.0.1/path/to/applet.class, and you're probably using
http://hostname/path/to/applet.class.

Applets can only connect to the same server they're loaded from, else you'll
get this security exception.  The security manager isn't smart enough to
know that both hostname and 127.0.0.1 is the same machine.

It's preferrable to code the applet to pull its own URL, and construct the
JDBC URL at runtime, to reflect the applet's server hostname.  You'll find
some methods in the Applet class that will give you the applet's URL.

Furthermore, running JDBC from an applet won't work well in every case.
Since JDBC isn't available in the browser's VM, it'll get pulled off the
server.  Anyone who runs the applet will essentially end up downloading all
of JDBC from the server.  That's probably fine on a LAN, but you don't want
to do that on a low bandwidth dialup connection.

--
Sam