Jump to content
Forumu Destekleyenlere Katılın ×
Paticik Forumları
2000 lerden beri faal olan, çok şukela bir paylaşım platformuyuz. Hoşgeldiniz.

Diziport kullananlar ÖNEMLİ!!

mokoko

Son yazan: mokoko
yeri: İnternet

 Paylaş

Öne çıkan mesajlar

di Grand Master

di

Mesaj tarihi:
Mesaj tarihi:
Baya baya sehir efsanesi sanki. Zira;

said:

Unsigned Applet Restrictions

To make Applets very safe to run, even when they were composed by teens with the morals or skill of Beavis and Butthead, Applets are severely restricted. Unsigned Applets (without special permission to bypass security) are not permitted to:

talk to any server but the one you were loaded from. No talking to strangers. If they were loaded from a local disk, they can’t talk to any webserver at all. They can’t load classes, read files, or have socket communications with any webserver but mom, the server htey were loaded from. Applets can send/receive email to/from a different host, but only via the home host.

I have discovered by experiment that when an Applet runs locally, it is only allowed to read files in the same directory or in a subdirectory of that directory. It can’t read files in the parents or sibling directories, just child/grandchild directories. Oddly, it does not matter where the jar itself is, but where the web page is that has the
I have discovered by experiment that when an Applet runs from a website, it is only allowed to read files in the same directory as the web page or in a subdirectory of that directory, (downstream from the webpage). It can’t read files in the parents or sibling directories, just child/grandchild directories. It does not matter where the jar is, just the web page and the files that you try to read. This means unsigned Applets usually end up bundling everything they need to read as resources in the jar.

I have not experimented with https:. Please let me know if you can use https in an unsigned Applet and if you can mix http: to fetch the Applet jar and http: to fetch the data.

read or write local files on the client machine. They are not even allowed to look in a directory or test for the existence of a file. You can however read a file (resource) embedded in the jar with Class. getResource or Class.getResourceAsStream. It can also read from the server via a URL. Even when your Applet is loaded from hard disk, it still may not do file I/O even via file: URLs.

Use System.setOut or System. setErr to redirect the console.

Look at the restricted system properties, or get an enumeration of all the system properties. See Wassup. Don’t use Color. getColor which interrogates the system properties.

Monitor mouse motion.

Print in Java version 1.1, though you can in JDK (Java Development Kit) 1,2+. The user has to ok the printing though.

Send email to a server other than the one it was loaded from.

Talk to a serial port.

Talk to a parallel port.

Change thread priority, even lower it.

Read or write the clipboard. However, users can manually cut/paste your AWT (Advanced Windowing Toolkit) components without security clearance. The restriction is on programmatic control of the clipboard. Swing components have no cut/paste ability at all.

Install software.

Execute any native code. If you use native JNI (Java Native Interface) code, things get really complicated vis a vis security and signed Applets with native code. You are better off to use Java Web Start.

Exec external programs.

Issue an RMI (Remote Method Invocation) call to a remote object running on a different server than the Applet’s.

Determine the structure of an object (fields, methods, values, etc.) using the Reflection API (Application Programming Interface).

Use the Preferences API to store or look at configuration information in the registry.

You can use Properties.load so long as you read the resource with MyClass.class. getResourceAsStream

If your Applet needs to do any of the above things, it must be signed.
Link to comment
Sosyal ağlarda paylaş
BabacumMostors Grand Master

BabacumMostors

Mesaj tarihi:
Mesaj tarihi:
güncelleyeyim eheh

MSE ile tarattım

file:C:Users(kullanıcıadı)AppDataLocalLowSunJavaDeploymentcache6.0123cc664c-733787d4

uzantısında "TrojanDownloader:Java/OpenConnection.NR" diye bir şey buldu, kaldırdı

aç kapa yaptım şimdi saatin oradaki menüde java simgesi de yok ikide bir de çıkıp "apdeytim geldi abey" diye dırdır eden java uyarıları da yok

böyle
Link to comment
Sosyal ağlarda paylaş
Liebe Grand Master

Liebe

Mesaj tarihi:
Mesaj tarihi:
ohara herhangi bir sitede dizi izlerken tam ekran yaptığımda bir uyarı sesi geliyor her seferinde , simge durumuna küçültürken bir anlığına görebiliyorum java simgesini sonra hemen kayboluyor.1 aydır falan böyle bu diziporttanda baya dizi izliyorum arada.baya tırstım nod32 ile taratıyorum şu an bişi çıkmazsa avirayı kuralım bakalım.
Link to comment
Sosyal ağlarda paylaş
El-Barto Rising Star

El-Barto

Mesaj tarihi:
Mesaj tarihi:
"roket adam" said:

Java'da bu derece suistimale acik bir exploit olsa coktan boku çıkardı bence, ben de pek ihtimal vermedim ama bilen birine danışmak lazim tabii.

bende en ufak ihtimal vermiyorum öyle bişey olucağına. en azından izin için uyarı sormadan hem indirip, hem çalıştırıcak bi açık bulunsa diziport'a özel kalmaz o. internetin her köşesine yayılır. ben hiç denemedim diziport'u gerçi ama insanları kıllandırmayı başardılar sonuçta :)
Link to comment
Sosyal ağlarda paylaş
El-Barto Rising Star

El-Barto

Mesaj tarihi:
Mesaj tarihi:
valla gerekli şartlar sağlanırsa istediği yere kadar gider java :) o yüzeysel dediğin şey native olmaması (OS'e özel), yani JRE kullanması her bilgisayarda ama o da bişey değiştirmez yani.

Şimdi okudum o ekşisözlük entrysini, hakkaten olmuş bu virüs olayı ama izlemeye başlarken soruyomuş zaten "www.metinozdogan.com.tr" adresindeki appleti çalıştırıyim mi diye. E çalıştıran da haketmiş yani :)
Link to comment
Sosyal ağlarda paylaş
 Paylaş
Konu listesine dön
×
  • Yeni Oluştur...