| ECS-L Home Automation and Security Archives |
| Subject: From: Date: | Re: [ECS] Remote IE5 access problem Ingo Pakleppa Wed, 19 Apr 2000 12:23:47 -0700 |
I can think of two other possibilities besides Microsoft's SDK: a different JVM version, and a simple security problem. I am almost positive it is the latter. In fact, the stack trace you show below indicates that this is a security problem; getHostName fails with a SecurityException when it tries to connect somewhere. I looked up the checkConnect in Microsoft's Developer Network, and found that it will ALWAYS throw a security exception. But getHostName may not always call checkConnect. Here is what I think happens: Ecsio.connect() tries to find out the host name for a given IP address (it looks like you try to append the host name to some other string when the exception happens). getHostName() first tries to see if this is the local IP address, or if it can resolve the IP address through the HOSTS file. If that succeeds, you are done, and you can access ECS. If the IP address is not in the local hosts file (or if you turned off using the hosts file, or if sun and moon are not at the right angle), getHostName() needs to query a DNS server (typically either your proxy, or your ISP). To do that, getHostName first needs to open a socket connection to the DNS server (it uses UDP rather than TCP, so there is no real "connection", but that's immaterial here). Alas - opening a socket anywhere but where the applet came from is disallowed in an applet! Thus the exception you are seeing. So the same code succeeds on your main ECS machine simply because that machine of course knows it's own host name. I can make one suggestion to test the theory: add your ECS machine to the HOSTS file on your second machine. If things start to work, you know that my theory is correct. However, this is NOT the ultimate solution to the problem. There are many people who for one reason or another cannot change the HOSTS file (for instance, if they want to check their ECS status from a computer at work, their sysadmin would kill him, plus the firewall might also prevent this method from working!) The only real solution would be to not use the host name at all. From the stack trace, I can tell that you are concatenating a string that contains the host name. Don't do it, and you will resolve this security exception (of course, there may be others). Ingo At 01:37 PM 4/19/00 -0400, Mark Gilmore wrote: >Well, I'm also having a problem accessing ECS remotely with IE5. >However, I CAN access it with IE5 on the ECS PC using the SAME URL >(???). >The remote PC DOES have the "MS VIRTUAL MACHINE" installed, but >does NOT have the JAVA SDK installed (as does the ECS PC). >I guess I'll have to install it, as this is the only difference >that I know of (I've already compared all setup parameters). > >Ecsio:init:ecs_host=216.80.146.226:3000 >Ecsio:start:connect >com.ms.security.SecurityExceptionEx[Ecsio.connect]: cannot connect to >"DIALUP685.TNKNO2.USIT.NET" > at com/ms/security/permissions/NetIOPermission.check > at com/ms/security/PolicyEngine.deepCheck > at com/ms/security/PolicyEngine.checkPermission > at com/ms/security/StandardSecurityManager.chk > at com/ms/security/StandardSecurityManager.chkex > at com/ms/security/StandardSecurityManager.checkConnect > at java/net/InetAddress.getHostName > at java/net/InetAddress.toString > at java/lang/String.valueOf > at java/lang/StringBuffer.append > at Ecsio.connect > at Ecsio.start > at com/ms/applet/AppletPanel.securedCall0 > at com/ms/applet/AppletPanel.securedCall > at com/ms/applet/AppletPanel.processSentEvent > at com/ms/applet/AppletPanel.run > at java/lang/Thread.run >-- >Mark Gilmore >Omnipotence (ECS home automation software) >http://www.usit.com/omnip >423-745-0026 >Hours: Mon-Sat, 9AM-8PM/EST