ECS-L Home Automation and Security Archives
  learn more | view messages for this month | NetBloc® | terms of use | search

Google
 


  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects

Subject:
From:
Date:		 Re: [ECS] Remote IE5 access problem
Ingo Pakleppa
Wed, 19 Apr 2000 14:31:51 -0700
Brad is right, you need to rename (or better, copy) HOSTS.SAM to HOSTS. As 
for the address, that's probably the DNS name of the dial-in port that your 
ECS machine got from the ISP. Nothing to worry about. It's kind of paradox 
that you get the exception trying to find out that name, and then the error 
message contains the exact information you wanted, but that's probably correct.

Ingo

At 04:25 PM 4/19/00 -0400, Mark Gilmore wrote:
>Hi Ingo,
>I just:
>1) Exited IE5
>2) Disconnected
>3) Appended my ECS host info to HOSTS.SAM (shown below)
>4) Re-connected
>5) Re-started IE5
>
>This had no effect.
>I assume that I am using the correct file
>(there is no other file which looks applicable).
>Perhaps I need to reboot ?
>The address noted in the error message ("DIALUP685.TNKNO2.USIT.NET")
>worries me.
>What IS this thing ?
>Shouldn't this be my ECS-host IP address ??
>
>I don't understand this statement:
>         > The only real solution would be to not use the host name at 
> all. From
>the
>         > stack trace, I can tell that you are concatenating a string that
>contains
>         > the host name. Don't do it, and you will resolve this security
>exception
>         > (of course, there may be others).
>
>What am I "concatenating" ??
>"ecs_host" is a string containing "216.80.146.195".
>I append the port# only in the displayed msg (not the string).
>To connect, I am calling "socket(ecs_host, ecs_port)".
>If you think it would make a difference, I could call the
>other socket method whereby I pass an actual internet address
>(instead of a host name string). Is this what you mean ?
>
>Thanks
>
>\WINDOWS\HOSTS.SAM:
># Copyright (c) 1994 Microsoft Corp.
>#
># This is a sample HOSTS file used by Microsoft TCP/IP for Chicago
>#
># This file contains the mappings of IP addresses to host names. Each
># entry should be kept on an individual line. The IP address should
># be placed in the first column followed by the corresponding host name.
># The IP address and the host name should be separated by at least one
># space.
>#
># Additionally, comments (such as these) may be inserted on individual
># lines or following the machine name denoted by a '#' symbol.
>#
># For example:
>#
>#      102.54.94.97     rhino.acme.com          # source server
>#       38.25.63.10     x.acme.com              # x client host
>
>127.0.0.1       localhost
>216.80.146.195  mark
>--
>Mark Gilmore
>Omnipotence (ECS home automation software)
>http://www.usit.com/omnip
>423-745-0026
>Hours: Mon-Sat, 9AM-8PM/EST
>
>
>Ingo Pakleppa wrote:
> >
> > I can think of two other possibilities besides Microsoft's SDK: a different
> > JVM version, and a simple security problem. I am almost positive it is the
> > latter.
> >
> > In fact, the stack trace you show below indicates that this is a security
> > problem; getHostName fails with a SecurityException when it tries to
> > connect somewhere.
> >
> > I looked up the checkConnect in Microsoft's Developer Network, and found
> > that it will ALWAYS throw a security exception. But getHostName may not
> > always call checkConnect.
> >
> > Here is what I think happens:
> >
> > Ecsio.connect() tries to find out the host name for a given IP address (it
> > looks like you try to append the host name to some other string when the
> > exception happens).
> >
> > getHostName() first tries to see if this is the local IP address, or if it
> > can resolve the IP address through the HOSTS file. If that succeeds, you
> > are done, and you can access ECS.
> >
> > If the IP address is not in the local hosts file (or if you turned off
> > using the hosts file, or if sun and moon are not at the right angle),
> > getHostName() needs to query a DNS server (typically either your proxy, or
> > your ISP). To do that, getHostName first needs to open a socket connection
> > to the DNS server (it uses UDP rather than TCP, so there is no real
> > "connection", but that's immaterial here). Alas - opening a socket anywhere
> > but where the applet came from is disallowed in an applet! Thus the
> > exception you are seeing. So the same code succeeds on your main ECS
> > machine simply because that machine of course knows it's own host name.
> >
> > I can make one suggestion to test the theory: add your ECS machine to the
> > HOSTS file on your second machine. If things start to work, you know that
> > my theory is correct.
> >
> > However, this is NOT the ultimate solution to the problem. There are many
> > people who for one reason or another cannot change the HOSTS file (for
> > instance, if they want to check their ECS status from a computer at work,
> > their sysadmin would kill him, plus the firewall might also prevent this
> > method from working!)
> >
> > The only real solution would be to not use the host name at all. From the
> > stack trace, I can tell that you are concatenating a string that contains
> > the host name. Don't do it, and you will resolve this security exception
> > (of course, there may be others).
> >
> > Ingo
> >
> > At 01:37 PM 4/19/00 -0400, Mark Gilmore wrote:
> > >Well, I'm also having a problem accessing ECS remotely with IE5.
> > >However, I CAN access it with IE5 on the ECS PC using the SAME URL
> > >(???).
> > >The remote PC DOES have the "MS VIRTUAL MACHINE" installed, but
> > >does NOT have the JAVA SDK installed (as does the ECS PC).
> > >I guess I'll have to install it, as this is the only difference
> > >that I know of (I've already compared all setup parameters).
> > >
> > >Ecsio:init:ecs_host=216.80.146.226:3000
> > >Ecsio:start:connect
> > >com.ms.security.SecurityExceptionEx[Ecsio.connect]: cannot connect to
> > >"DIALUP685.TNKNO2.USIT.NET"
> > >         at com/ms/security/permissions/NetIOPermission.check
> > >         at com/ms/security/PolicyEngine.deepCheck
> > >         at com/ms/security/PolicyEngine.checkPermission
> > >         at com/ms/security/StandardSecurityManager.chk
> > >         at com/ms/security/StandardSecurityManager.chkex
> > >         at com/ms/security/StandardSecurityManager.checkConnect
> > >         at java/net/InetAddress.getHostName
> > >         at java/net/InetAddress.toString
> > >         at java/lang/String.valueOf
> > >         at java/lang/StringBuffer.append
> > >         at Ecsio.connect
> > >         at Ecsio.start
> > >         at com/ms/applet/AppletPanel.securedCall0
> > >         at com/ms/applet/AppletPanel.securedCall
> > >         at com/ms/applet/AppletPanel.processSentEvent
> > >         at com/ms/applet/AppletPanel.run
> > >         at java/lang/Thread.run
> > >--
> > >Mark Gilmore
> > >Omnipotence (ECS home automation software)
> > >http://www.usit.com/omnip
> > >423-745-0026
> > >Hours: Mon-Sat, 9AM-8PM/EST
  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects



Services provided by [NetBloc]®! NetBloc Solutions Inc.
Terms of use. Indexing software (c) 1999 Lin-De, Inc .