
Java Jive: "I Said a Sip, Not the Whole Cup!"

What can be done to stop the majority of these thefts? Well, we have to use what we have available, and we know we can call on getDocumentBase() for help. This method belongs to the class Applet, in the package java.applet, and it tells you where the HTML page was served from. By calling getDocumentBase() from within the applet, we can determine the page's origin and prevent the applet from working if it's not coming from the correct server. Here's a simple applet showing how it works:

import java.net.*;
import java.applet.*;

public class stopthief extends Applet {

    public void init() {
        // Host name of the server that delivered the HTML page
        String owner = getDocumentBase().getHost();
        if (owner.equals("www.yourdomain.com")) {
            // this is where you would insert
            // your stuff for legit users
        } else {
            // this is where you'll kill or
            // otherwise alter the applet for
            // thieves
            System.exit(1);
        }
    }
}

What this does is cause a security exception at System.exit(1) if the applet is not coming from your site. This is just an example, as you could make it do almost anything, but this way, it just won't work for thieves. One negative aspect of this method is that you'll have to change and recompile the applet if you change servers.

And just how secure is this method? Secure enough to thwart most applet thieves, but not enough to stop professionals, or even those with a lot of determination. How can they still make the applets function? Anyone familiar with a hex editor can tell you. There's no magic involved...just a little search and replace. So why implement the method at all then? Because it'll stop about ninety percent of those that would hack your applet, and the other ten percent will find a way to hack it anyway.

If you're not afraid to enter the world of CGI (and why would you be...you're already into programming enough to read this column), then you can create a CGI script that is called by the applet, and if the CGI doesn't pass the correct information to the applet, the applet will not function. Is it simple? Not particularly, but it is effective, more so than our previous example.
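
Here is one way the applet side of such a check could look, as an added example rather than code from the original column. The applet only works with data handed out by a script on its home server, so the decision about which pages are allowed lives on the server. The script path /cgi-bin/applet-check and its one-line "OK <payload>" reply are assumptions, and it needs a JDK that still ships java.applet.

```java
import java.applet.Applet;
import java.awt.Graphics;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;

// Added example: the script path and reply format below are assumptions.
public class LicensedApplet extends Applet {
    private static final String SCRIPT = "/cgi-bin/applet-check"; // hypothetical
    private String payload; // stays null unless the server approves the page

    // Parse the script's one-line reply; anything but "OK <payload>" is a refusal.
    static String parseReply(String line) {
        if (line == null || !line.startsWith("OK ") || line.length() == 3) {
            return null;
        }
        return line.substring(3);
    }

    public void init() {
        try {
            // Tell the script which host served the HTML page.
            String page = URLEncoder.encode(getDocumentBase().getHost(), "UTF-8");
            // Resolved against the code base: the only host a sandboxed applet may contact.
            URL check = new URL(getCodeBase(), SCRIPT + "?page=" + page);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(check.openStream(), "UTF-8"));
            try {
                payload = parseReply(in.readLine());
            } finally {
                in.close();
            }
        } catch (IOException e) {
            payload = null; // script missing or unreachable: fail closed
        } catch (SecurityException e) {
            payload = null; // sandbox refused the connection: fail closed
        }
    }

    public void paint(Graphics g) {
        // The applet has nothing to show without the server's payload.
        g.drawString(payload != null ? payload : "Applet disabled", 10, 20);
    }
}
```

Because the list of approved pages is kept by the script, moving to a new server means updating the script rather than recompiling the applet.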



Reprinted from Web Developer® magazine, Vol. 3 No.2 Mar/Apr 1997 (c) 1997 internet.com Corporation. All rights reserved.

