ECS-L Home Automation and Security Archives
  learn more | view messages for this month | NetBloc® | terms of use | search

Google
 


  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects

Subject:
From:
Date:		 Re: [ECS] Remote IE5 access problem
Stephen W. Jones
Wed, 19 Apr 2000 13:40:55 -0700
the 'Hosts.sam' is just that - a sample, the real hosts file has no
extension. i.e. - 'HOSTS'

	Steve

Mark Gilmore wrote:
> 
> Hi Ingo,
> I just:
> 1) Exited IE5
> 2) Disconnected
> 3) Appended my ECS host info to HOSTS.SAM (shown below)
> 4) Re-connected
> 5) Re-started IE5
> 
> This had no effect.
> I assume that I am using the correct file
> (there is no other file which looks applicable).
> Perhaps I need to reboot ?
> The address noted in the error message ("DIALUP685.TNKNO2.USIT.NET")
> worries me.
> What IS this thing ?
> Shouldn't this be my ECS-host IP address ??
> 
> I don't understand this statement:
>         > The only real solution would be to not use the host name at all. From
> the
>         > stack trace, I can tell that you are concatenating a string that
> contains
>         > the host name. Don't do it, and you will resolve this security
> exception
>         > (of course, there may be others).
> 
> What am I "concatenating" ??
> "ecs_host" is a string containing "216.80.146.195".
> I append the port# only in the displayed msg (not the string).
> To connect, I am calling "socket(ecs_host, ecs_port)".
> If you think it would make a difference, I could call the
> other socket method whereby I pass an actual internet address
> (instead of a host name string). Is this what you mean ?
> 
> Thanks
> 
> \WINDOWS\HOSTS.SAM:
> # Copyright (c) 1994 Microsoft Corp.
> #
> # This is a sample HOSTS file used by Microsoft TCP/IP for Chicago
> #
> # This file contains the mappings of IP addresses to host names. Each
> # entry should be kept on an individual line. The IP address should
> # be placed in the first column followed by the corresponding host name.
> # The IP address and the host name should be separated by at least one
> # space.
> #
> # Additionally, comments (such as these) may be inserted on individual
> # lines or following the machine name denoted by a '#' symbol.
> #
> # For example:
> #
> #      102.54.94.97     rhino.acme.com          # source server
> #       38.25.63.10     x.acme.com              # x client host
> 
> 127.0.0.1       localhost
> 216.80.146.195  mark
> --
> Mark Gilmore
> Omnipotence (ECS home automation software)
> http://www.usit.com/omnip
> 423-745-0026
> Hours: Mon-Sat, 9AM-8PM/EST
> 
> Ingo Pakleppa wrote:
> >
> > I can think of two other possibilities besides Microsoft's SDK: a different
> > JVM version, and a simple security problem. I am almost positive it is the
> > latter.
> >
> > In fact, the stack trace you show below indicates that this is a security
> > problem; getHostName fails with a SecurityException when it tries to
> > connect somewhere.
> >
> > I looked up the checkConnect in Microsoft's Developer Network, and found
> > that it will ALWAYS throw a security exception. But getHostName may not
> > always call checkConnect.
> >
> > Here is what I think happens:
> >
> > Ecsio.connect() tries to find out the host name for a given IP address (it
> > looks like you try to append the host name to some other string when the
> > exception happens).
> >
> > getHostName() first tries to see if this is the local IP address, or if it
> > can resolve the IP address through the HOSTS file. If that succeeds, you
> > are done, and you can access ECS.
> >
> > If the IP address is not in the local hosts file (or if you turned off
> > using the hosts file, or if sun and moon are not at the right angle),
> > getHostName() needs to query a DNS server (typically either your proxy, or
> > your ISP). To do that, getHostName first needs to open a socket connection
> > to the DNS server (it uses UDP rather than TCP, so there is no real
> > "connection", but that's immaterial here). Alas - opening a socket anywhere
> > but where the applet came from is disallowed in an applet! Thus the
> > exception you are seeing. So the same code succeeds on your main ECS
> > machine simply because that machine of course knows it's own host name.
> >
> > I can make one suggestion to test the theory: add your ECS machine to the
> > HOSTS file on your second machine. If things start to work, you know that
> > my theory is correct.
> >
> > However, this is NOT the ultimate solution to the problem. There are many
> > people who for one reason or another cannot change the HOSTS file (for
> > instance, if they want to check their ECS status from a computer at work,
> > their sysadmin would kill him, plus the firewall might also prevent this
> > method from working!)
> >
> > The only real solution would be to not use the host name at all. From the
> > stack trace, I can tell that you are concatenating a string that contains
> > the host name. Don't do it, and you will resolve this security exception
> > (of course, there may be others).
> >
> > Ingo
> >
> > At 01:37 PM 4/19/00 -0400, Mark Gilmore wrote:
> > >Well, I'm also having a problem accessing ECS remotely with IE5.
> > >However, I CAN access it with IE5 on the ECS PC using the SAME URL
> > >(???).
> > >The remote PC DOES have the "MS VIRTUAL MACHINE" installed, but
> > >does NOT have the JAVA SDK installed (as does the ECS PC).
> > >I guess I'll have to install it, as this is the only difference
> > >that I know of (I've already compared all setup parameters).
> > >
> > >Ecsio:init:ecs_host=216.80.146.226:3000
> > >Ecsio:start:connect
> > >com.ms.security.SecurityExceptionEx[Ecsio.connect]: cannot connect to
> > >"DIALUP685.TNKNO2.USIT.NET"
> > >         at com/ms/security/permissions/NetIOPermission.check
> > >         at com/ms/security/PolicyEngine.deepCheck
> > >         at com/ms/security/PolicyEngine.checkPermission
> > >         at com/ms/security/StandardSecurityManager.chk
> > >         at com/ms/security/StandardSecurityManager.chkex
> > >         at com/ms/security/StandardSecurityManager.checkConnect
> > >         at java/net/InetAddress.getHostName
> > >         at java/net/InetAddress.toString
> > >         at java/lang/String.valueOf
> > >         at java/lang/StringBuffer.append
> > >         at Ecsio.connect
> > >         at Ecsio.start
> > >         at com/ms/applet/AppletPanel.securedCall0
> > >         at com/ms/applet/AppletPanel.securedCall
> > >         at com/ms/applet/AppletPanel.processSentEvent
> > >         at com/ms/applet/AppletPanel.run
> > >         at java/lang/Thread.run
> > >--
> > >Mark Gilmore
> > >Omnipotence (ECS home automation software)
> > >http://www.usit.com/omnip
> > >423-745-0026
> > >Hours: Mon-Sat, 9AM-8PM/EST
  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects



Services provided by [NetBloc]®! NetBloc Solutions Inc.
Terms of use. Indexing software (c) 1999 Lin-De, Inc .