I want to read the web address of all open windows. As soon as the window closes, I should know it too.
One way to do this is by asking the user to download a firefox plugin. This plugin should monitor the user web address.
But is this possible? How to go about executing it. I am pretty decent in Java and PHP.
EDIT:
What if the user wants to give permission to access all the websites he or she visits?
I want to display in a visual manner the statistics of the sites being visited by users who grant permission.
As noted, this cannot be done with standard JavaScript/DOM methods that run inside a page, for security and privacy reasons.
You could definitely do it with a Firefox add on, plugin or extension.
I suggest reading the Firefox addons developer guide and the Developer Hub in general. The language used to develop for Firefox is JavaScript.
nsIWindowMediator can be used to enumerate open windows, and properties can be obtained through the nsIDOMWindow objects. As explained here,
"While you can use JavaScript to get child windows opened from the parent window, you cannot get dialogs or windows that have no relation to that window. To overcome this limitation, nsIWindowMediator makes it possible to access all of Firefox's windows."
this likely violates the same origin policy, which rules this out
it basically controls the code so that it does not read anything it did not create
so no spying can be done
No, this would be a major security and privacy issue.
This is definitely a security violation similar to sniffing; and would require certain privileges to run on each platform (such as an activeX or plugin or a privileged applet).
However, this can be done using javascript only the page containing the script it self is responsible for opening windows (meaning not all windows such as window opened by user) - if that is what you are looking for, let me know.
Related
What you do to get rid of this? I wanted to make a game that is accessible from browser. Then I get error "Your security settings have blocked a local application from running".
I changed browser. nothing.
I added exception in "configure java". Nothing.
I looked internet and looked for "medium" security level but it was removed..
Honestly, I'm not sure. But, I might know what's causing the problem. I'll list most of them here (you can find the full list at What Applets Can and Cannot Do):
Applets cannot access the local file system.
Applets cannot connect to or retrieve resources from a third party server.
Applets cannot load native libraries.
Applets cannot change the SecurityManager.
Applets cannot create a ClassLoader.
Applets cannot read certain system properties.
In summary, don't try to make changes to the user's desktop or the client's windows folder. Have them upload the file instead. Don't try to access .pngs or .json from external servers like google or yahoo either, probably because java can't guarantee them to be safe too. Neither can you load native libraries, so you might want to avoid those if you can, and finally you don't have access to some info in SecurityManager, ClassLoader or some System Props.
If your app violates one of these, Java is likely blocking your app from running. But it all depends on your implementation too. Make sure your browser doesn't block certain applet features (and that java supports your browser, make sure everything is enabled too) and try again.
Or, you can ignore all of that and try making your app privileged. Unfortunately I have very little experience with the process of making your app privileged, but from what I can hear, it'll give your applet a little more room to move in.
So, how much trust do I need to have in a publisher before I run their applet in the web browser?
In other words, I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
Can you please clarify the security limits of a java applet run in a modern browser, such as Firefox 50?
I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
There are potentially three different levels of security available to a Java applet.
The first is as you described 'sandboxed'. They can only access resources from their own server, nothing on your local file system unless they are launched using Java Web Start & will thereby have access to the services of the JNLP API. You might note that two of the services are the FileOpenService / FileSaveService! If the applet goes to use these, the end user will be prompted to permit the action via a dialog that states what the applet is trying to do, and asking for permission to proceed (to show a file chooser & go from there). These services provide back a 'file like' object that is more limited than the normal File API would supply. For example, it will not provide the path to the resource, just it's name and access to the content.
The level up from that can be specified in the launch file - '(J2EE) application client permissions'. This level removes the prompts for use of the JNLP API services.
The highest level of access is obtained by requesting, and being granted, 'all permissions'. Then the applet should have full access to File objects, be able to communicate with servers other than the one that launched it, etc. One of the few things they would still not be permitted to do in this mode is to call System.exit(n) to effectively 'kill the JRE' - this is something that is commonly done in other desktop apps.
But then there are JRE bugs, that screw all that up. Sun, then Oracle, kept stuffing up security so poorly (& regularly) that many browser manufacturers are entirely removing the support for applets (and other embedded objects requiring plug-ins) in web pages.
See Java Plugin support deprecated and Moving to a Plugin-Free Web for more detail.
..how much trust do I need to have in a publisher before I run their applet in the web browser?
I cannot answer for you, but my take would be that I would need to know them personally, and trust completely both their integrity and competence before I'd run their code in any browser I controlled.
Having said that, I don't think I have a single browser installed that even supports applets, and my complete lack of motivation to set something up, is probably a good view on whether I'd allow applets to run on this PC at all.
I have an applet that receives an XML that serialized a JasperPrint object and print it using printservices. The applet is signed and the certificate is imported in house.
This applet is in a Web application that call it using javascript and it runs in terminals with Windows XP.
The problem is that when you use the applet always displays the prompt to run the application and users have to confirm to print.
Is there any way around this without ever having to confirm?
UPDATE:
i google the problem and i see that applet is dying (like #user3712670 says),
there are another alternative to run java code on client pc from a web page?
i need to use it locally
Short answer: no.
Any settings for those confirmation dialogs are client-side, so there's nothing you can do in your code or on your server to prevent them.
You might be able to get rid of some of them by making your clients change their security settings, but this is probably not advised. And you probably can't get rid of all of them.
You can check the plugin settings for the particular browser you're running, and you can check the Java security settings from the Control Panel.
The real answer is that applets are a dying technology, and trying to make them work is a bit like plugging up the holes in a sinking ship.
I would like to know if it's possible to edit a file from within the browser. I know where the file is and I know its format. I would like to some HTML5 and JavaScript but have little luck so don't mind using Flash or Java.
The file I would like to edit is the hosts file. C:\WINDOWS\system32\drivers\etc\hosts on Windows XP.
This is mostly for test run of a new breed of AdBlocking so would like to give my browser and the best chance of working. I have Google Chrome Dev opened as ROOT, running on Windows XP.
Java applet with the correct permissions can access the file probably but how easy is it for the user to setup those permissions is a question I can not answer.
Flash is not going to work 100% as it can not be loaded from the internet and access the hard drive at the same time, without going into details you can trust me on that one as the security model simply does not allow it and there is no actual API inside flash to read the file, one can only forward it through to a server(only upload, no download), nothing more (if running from the internet sandbox).
Javascript - not sure, i kind of feel like it can't for similar reasons as Flash but somebody should probably confirm.
The add-blockers usually work as addons to the browser so you should probably do the same as you should have access but then again, you probably won't need it in that case...
In any case, Flash definitely is not going to work.
Java applets can as long as they are signed ..
Follow these intructions to sign an applet.
P.S these instructions are for a linux setup. You might need to set up environment variables in windows.
Jar signing link
so al long as the users allow the applet to run the applet the applet can modify anything on the file sysem and even open connections to other computers.. and most importantly the applet can be hidden in a corner if that is what you wish
Editing local files from a browser, especially a system file, is something that all browser vendors actively try to PREVENT. This is because all the virus makers are actively trying to edit these too!
If you want an ad blocker editing the hosts file to do it is a terrible idea for a number of reasons. First of all it is only going to work on Windows and your ad blocking won't help for Mac and Linux users. Second it will require permissions escalation on Vista and Windows 7. Third it would have to be reliant on something like ActiveX or Java. Fourth the hosts file would eventually get large. Large hosts file slow down internet browsing because you have to do a full lookup every time.
If you want to block ads, block them at the browser level. I hope I have convinced you that modifying the hosts file for this is a bad idea.
I would like to create a folder selector for my application which will only run on Internet Explorer Browsers (IE6+).
I would like to get the full folder path a user wishes to use via a HTML browse button or similar and then pass this to my server side application which is written in PHP! This can not be done via JavaScript for security reasons so I am looking for any other alternative that will work.
I had implemented a solution using a Java Applet but this did not work out as it didn't work on IE6, plus the browser security is locked down where I am deploying this app, meaning I am unlikely to get away with an applet.
The current solution is getting the user to paste in the folder location into a textfiel, this isn't acceptable any more.
Any implementation advice welcome!
Thanks all
If your app is IE only you can create a simple ActiveX Control with only one method:
HRESULT BrowseForFolder([out] BSTR folderName);
ATL Wizard will give you major portion of code.
But I would consider using flash for this:
It is more widely used then Java (I
think so).
ActiveX is strongly depends on
browser's security options and more annoying to install.
Your task is rather small, so it can
be implemented without deep skills, if you not familiar with flash