简体   繁体   English

从另一个Java小程序访问Java小程序

[英]Accessing Java applet from another Java applet

A web application uses a Java applet that stores a password, submitted by the user, in a private property and uses this property in several public methods. Web应用程序使用Java applet,该Java applet将用户提交的密码存储在私有属性中,并在几种公共方法中使用此属性。

I wonder if it is possible for another Java applet loaded from the same or different web site to call the methods of this applet or possibly access the private property containing the password? 我想知道从相同或不同网站加载的另一个Java applet是否可以调用此applet的方法或访问包含密码的私有属性?

Do different applets run in a same or different JVMs? 不同的applet是否在相同或不同的JVM中运行? If they run in the same JVM, can one applet somehow get a reference to another running applet? 如果它们在同一JVM中运行,那么一个applet能否以某种方式获得对另一个正在运行的applet的引用?

The password-storing applet is signed. 密码存储小程序已签名。 I work from assumption that the snooping applet that wants to get the password can also be signed. 我的假设是,也可以对想要获取密码的侦听小程序进行签名。

You can use AppletContext to get a reference from one applet to another. 您可以使用AppletContext来获取从一个小程序到另一个小程序的引用。 The current applet will have to know what to typecast the result into if you want to call any public methods other than those defined by the Applet class itself. 如果您要调用Applet类本身定义的那些公共方法以外的其他公共方法,则当前的applet必须知道将结果类型转换为什么。

I think your answer is here . 我想你的答案就在这里 A signed applet can have, with the client's permission, access to outside the sandbox so in theory you might be able to. 在客户的许可下,签名的小程序可以访问沙箱外部,因此从理论上讲您可以。

Which makes me think -- what if I were to have my (malicious) applet signed? 这让我想到-如果我要签名(恶意)小程序怎么办? Would I be able to acquire some user data, by concocting the poor user into clicking 'yes'? 通过炮制可怜的用户单击“是”,我是否能够获取一些用户数据? The question is left as an exercise to the reader (ok, I'm joking here). 这个问题留给读者练习(好吧,我在这里开玩笑)。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM