| ECS-L Home Automation and Security Archives |
| Subject: From: Date: | Re: [ECS] Remote IE5 access problem Mark Gilmore Wed, 19 Apr 2000 16:25:18 -0400 |
Hi Ingo,
I just:
1) Exited IE5
2) Disconnected
3) Appended my ECS host info to HOSTS.SAM (shown below)
4) Re-connected
5) Re-started IE5
This had no effect.
I assume that I am using the correct file
(there is no other file which looks applicable).
Perhaps I need to reboot ?
The address noted in the error message ("DIALUP685.TNKNO2.USIT.NET")
worries me.
What IS this thing ?
Shouldn't this be my ECS-host IP address ??
I don't understand this statement:
> The only real solution would be to not use the host name at all. From
the
> stack trace, I can tell that you are concatenating a string that
contains
> the host name. Don't do it, and you will resolve this security
exception
> (of course, there may be others).
What am I "concatenating" ??
"ecs_host" is a string containing "216.80.146.195".
I append the port# only in the displayed msg (not the string).
To connect, I am calling "socket(ecs_host, ecs_port)".
If you think it would make a difference, I could call the
other socket method whereby I pass an actual internet address
(instead of a host name string). Is this what you mean ?
Thanks
\WINDOWS\HOSTS.SAM:
# Copyright (c) 1994 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Chicago
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
216.80.146.195 mark
--
Mark Gilmore
Omnipotence (ECS home automation software)
http://www.usit.com/omnip
423-745-0026
Hours: Mon-Sat, 9AM-8PM/EST
Ingo Pakleppa wrote:
>
> I can think of two other possibilities besides Microsoft's SDK: a different
> JVM version, and a simple security problem. I am almost positive it is the
> latter.
>
> In fact, the stack trace you show below indicates that this is a security
> problem; getHostName fails with a SecurityException when it tries to
> connect somewhere.
>
> I looked up the checkConnect in Microsoft's Developer Network, and found
> that it will ALWAYS throw a security exception. But getHostName may not
> always call checkConnect.
>
> Here is what I think happens:
>
> Ecsio.connect() tries to find out the host name for a given IP address (it
> looks like you try to append the host name to some other string when the
> exception happens).
>
> getHostName() first tries to see if this is the local IP address, or if it
> can resolve the IP address through the HOSTS file. If that succeeds, you
> are done, and you can access ECS.
>
> If the IP address is not in the local hosts file (or if you turned off
> using the hosts file, or if sun and moon are not at the right angle),
> getHostName() needs to query a DNS server (typically either your proxy, or
> your ISP). To do that, getHostName first needs to open a socket connection
> to the DNS server (it uses UDP rather than TCP, so there is no real
> "connection", but that's immaterial here). Alas - opening a socket anywhere
> but where the applet came from is disallowed in an applet! Thus the
> exception you are seeing. So the same code succeeds on your main ECS
> machine simply because that machine of course knows it's own host name.
>
> I can make one suggestion to test the theory: add your ECS machine to the
> HOSTS file on your second machine. If things start to work, you know that
> my theory is correct.
>
> However, this is NOT the ultimate solution to the problem. There are many
> people who for one reason or another cannot change the HOSTS file (for
> instance, if they want to check their ECS status from a computer at work,
> their sysadmin would kill him, plus the firewall might also prevent this
> method from working!)
>
> The only real solution would be to not use the host name at all. From the
> stack trace, I can tell that you are concatenating a string that contains
> the host name. Don't do it, and you will resolve this security exception
> (of course, there may be others).
>
> Ingo
>
> At 01:37 PM 4/19/00 -0400, Mark Gilmore wrote:
> >Well, I'm also having a problem accessing ECS remotely with IE5.
> >However, I CAN access it with IE5 on the ECS PC using the SAME URL
> >(???).
> >The remote PC DOES have the "MS VIRTUAL MACHINE" installed, but
> >does NOT have the JAVA SDK installed (as does the ECS PC).
> >I guess I'll have to install it, as this is the only difference
> >that I know of (I've already compared all setup parameters).
> >
> >Ecsio:init:ecs_host=216.80.146.226:3000
> >Ecsio:start:connect
> >com.ms.security.SecurityExceptionEx[Ecsio.connect]: cannot connect to
> >"DIALUP685.TNKNO2.USIT.NET"
> > at com/ms/security/permissions/NetIOPermission.check
> > at com/ms/security/PolicyEngine.deepCheck
> > at com/ms/security/PolicyEngine.checkPermission
> > at com/ms/security/StandardSecurityManager.chk
> > at com/ms/security/StandardSecurityManager.chkex
> > at com/ms/security/StandardSecurityManager.checkConnect
> > at java/net/InetAddress.getHostName
> > at java/net/InetAddress.toString
> > at java/lang/String.valueOf
> > at java/lang/StringBuffer.append
> > at Ecsio.connect
> > at Ecsio.start
> > at com/ms/applet/AppletPanel.securedCall0
> > at com/ms/applet/AppletPanel.securedCall
> > at com/ms/applet/AppletPanel.processSentEvent
> > at com/ms/applet/AppletPanel.run
> > at java/lang/Thread.run
> >--
> >Mark Gilmore
> >Omnipotence (ECS home automation software)
> >http://www.usit.com/omnip
> >423-745-0026
> >Hours: Mon-Sat, 9AM-8PM/EST