ECS-L Home Automation and Security Archives
  learn more | view messages for this month | NetBloc® | terms of use | search

Google
 


  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects

Subject:
From:
Date:		 Re: [ECS] Remote IE5 access problem -Reply
Mark Gilmore
Wed, 19 Apr 2000 17:53:54 -0400
The PING works fine with my HOSTS file.
-- 
Mark Gilmore
Omnipotence (ECS home automation software)
http://www.usit.com/omnip
423-745-0026
Hours: Mon-Sat, 9AM-8PM/EST


Martin Terry wrote:
> 
> An easy way to test if you are actually using values from your host file is
> to shell to a dos prompt and type
> 
> ping mark
> 
> This should automagically resolve to the ip you want and show the IP address
> in the subsequent pings.
> 
> If it comes back and says it can't resolve "mark" then your host file isn't
> setup correctly.
> 
> -----Original Message-----
> From: Brad Chamberlain [mailto:bchamberlain@lmberry.com]
> Sent: Wednesday, April 19, 2000 1:44 PM
> To: ecs-list@netbloc.com
> Subject: Re: [ECS] Remote IE5 access problem -Reply
> 
> Mark,
> 
> You need to rename the file with no extension. That is just a sample file.
> 
> Brad
> 
> >>> Mark Gilmore <omnip@usit.net> 04/19/00 04:25pm >>>
> Hi Ingo,
> I just:
> 1) Exited IE5
> 2) Disconnected
> 3) Appended my ECS host info to HOSTS.SAM (shown below)
> 4) Re-connected
> 5) Re-started IE5
> 
> This had no effect.
> I assume that I am using the correct file
> (there is no other file which looks applicable).
> Perhaps I need to reboot ?
> The address noted in the error message
> ("DIALUP685.TNKNO2.USIT.NET")
> worries me.
> What IS this thing ?
> Shouldn't this be my ECS-host IP address ??
> 
> I don't understand this statement:
>         > The only real solution would be to not use the host name at all.
> From
> the
>         > stack trace, I can tell that you are concatenating a string that
> contains
>         > the host name. Don't do it, and you will resolve this security
> exception
>         > (of course, there may be others).
> 
> What am I "concatenating" ??
> "ecs_host" is a string containing "216.80.146.195".
> I append the port# only in the displayed msg (not the string).
> To connect, I am calling "socket(ecs_host, ecs_port)".
> If you think it would make a difference, I could call the
> other socket method whereby I pass an actual internet address
> (instead of a host name string). Is this what you mean ?
> 
> Thanks
> 
> \WINDOWS\HOSTS.SAM:
> # Copyright (c) 1994 Microsoft Corp.
> #
> # This is a sample HOSTS file used by Microsoft TCP/IP for Chicago
> #
> # This file contains the mappings of IP addresses to host names. Each
> # entry should be kept on an individual line. The IP address should
> # be placed in the first column followed by the corresponding host name.
> # The IP address and the host name should be separated by at least one
> # space.
> #
> # Additionally, comments (such as these) may be inserted on individual
> # lines or following the machine name denoted by a '#' symbol.
> #
> # For example:
> #
> #      102.54.94.97     rhino.acme.com          # source server
> #       38.25.63.10     x.acme.com              # x client host
> 
> 127.0.0.1       localhost
> 216.80.146.195  mark
> --
> Mark Gilmore
> Omnipotence (ECS home automation software)
> http://www.usit.com/omnip
> 423-745-0026
> Hours: Mon-Sat, 9AM-8PM/EST
> 
> Ingo Pakleppa wrote:
> >
> > I can think of two other possibilities besides Microsoft's SDK: a
> different
> > JVM version, and a simple security problem. I am almost positive it is
> the
> > latter.
> >
> > In fact, the stack trace you show below indicates that this is a security
> > problem; getHostName fails with a SecurityException when it tries to
> > connect somewhere.
> >
> > I looked up the checkConnect in Microsoft's Developer Network, and
> found
> > that it will ALWAYS throw a security exception. But getHostName may
> not
> > always call checkConnect.
> >
> > Here is what I think happens:
> >
> > Ecsio.connect() tries to find out the host name for a given IP address (it
> > looks like you try to append the host name to some other string when
> the
> > exception happens).
> >
> > getHostName() first tries to see if this is the local IP address, or if it
> > can resolve the IP address through the HOSTS file. If that succeeds,
> you
> > are done, and you can access ECS.
> >
> > If the IP address is not in the local hosts file (or if you turned off
> > using the hosts file, or if sun and moon are not at the right angle),
> > getHostName() needs to query a DNS server (typically either your
> proxy, or
> > your ISP). To do that, getHostName first needs to open a socket
> connection
> > to the DNS server (it uses UDP rather than TCP, so there is no real
> > "connection", but that's immaterial here). Alas - opening a socket
> anywhere
> > but where the applet came from is disallowed in an applet! Thus the
> > exception you are seeing. So the same code succeeds on your main
> ECS
> > machine simply because that machine of course knows it's own host
> name.
> >
> > I can make one suggestion to test the theory: add your ECS machine to
> the
> > HOSTS file on your second machine. If things start to work, you know
> that
> > my theory is correct.
> >
> > However, this is NOT the ultimate solution to the problem. There are
> many
> > people who for one reason or another cannot change the HOSTS file
> (for
> > instance, if they want to check their ECS status from a computer at
> work,
> > their sysadmin would kill him, plus the firewall might also prevent this
> > method from working!)
> >
> > The only real solution would be to not use the host name at all. From
> the
> > stack trace, I can tell that you are concatenating a string that contains
> > the host name. Don't do it, and you will resolve this security exception
> > (of course, there may be others).
> >
> > Ingo
> >
> > At 01:37 PM 4/19/00 -0400, Mark Gilmore wrote:
> > >Well, I'm also having a problem accessing ECS remotely with IE5.
> > >However, I CAN access it with IE5 on the ECS PC using the SAME
> URL
> > >(???).
> > >The remote PC DOES have the "MS VIRTUAL MACHINE" installed, but
> > >does NOT have the JAVA SDK installed (as does the ECS PC).
> > >I guess I'll have to install it, as this is the only difference
> > >that I know of (I've already compared all setup parameters).
> > >
> > >Ecsio:init:ecs_host=216.80.146.226:3000
> > >Ecsio:start:connect
> > >com.ms.security.SecurityExceptionEx[Ecsio.connect]: cannot connect
> to
> > >"DIALUP685.TNKNO2.USIT.NET"
> > >         at com/ms/security/permissions/NetIOPermission.check
> > >         at com/ms/security/PolicyEngine.deepCheck
> > >         at com/ms/security/PolicyEngine.checkPermission
> > >         at com/ms/security/StandardSecurityManager.chk
> > >         at com/ms/security/StandardSecurityManager.chkex
> > >         at com/ms/security/StandardSecurityManager.checkConnect
> > >         at java/net/InetAddress.getHostName
> > >         at java/net/InetAddress.toString
> > >         at java/lang/String.valueOf
> > >         at java/lang/StringBuffer.append
> > >         at Ecsio.connect
> > >         at Ecsio.start
> > >         at com/ms/applet/AppletPanel.securedCall0
> > >         at com/ms/applet/AppletPanel.securedCall
> > >         at com/ms/applet/AppletPanel.processSentEvent
> > >         at com/ms/applet/AppletPanel.run
> > >         at java/lang/Thread.run
> > >--
> > >Mark Gilmore
> > >Omnipotence (ECS home automation software)
> > >http://www.usit.com/omnip
> > >423-745-0026
> > >Hours: Mon-Sat, 9AM-8PM/EST
  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects



Services provided by [NetBloc]®! NetBloc Solutions Inc.
Terms of use. Indexing software (c) 1999 Lin-De, Inc .