Re: Oracle Developer2000 and Java SSL ...

Jeff Nisewanger (Jeff.Nisewanger@Eng)
Wed, 11 Feb 1998 10:23:38 -0800

Date: Wed, 11 Feb 1998 10:23:38 -0800
From: Jeff.Nisewanger@Eng (Jeff Nisewanger)
Message-Id: <199802111823.KAA07861@puuoo.eng.sun.com>
To: java-security@web2.javasoft.com, jfries@nswc.navy.mil
Subject: Re: Oracle Developer2000 and Java SSL ...

> We are currently using Oracle's Developer2000 to deploy Forms
> applications to the web that tie into our databases. Oracle allows
> the forms apps to run through a "web cartridge" as Java applets.
> We have SSL enabled on our web server, and haven't had much problems
> connecting to the server through https. But we've seen a few anomolies
> with the Java applet forms:
> When we run the applets through Netscape 4.04 browser's Java engine, the
> applet pops up, but shows as being unsecured (the lock icon is
> unlocked).
> When we run the applet straight through the latest Appletviewer, it
> fails
> to start, with an error about "unsupported protocol: https". So the
> question is - can we get these forms applets to work against our secure
> web server AND have data entered or queried be secure? Right now, it
> looks as though Java doesn't really like https - which does not help us
> with our secure environment. Would love to hear otherwise!

As you discovered, appletviewer doesn't support https URLs.
However, HotJava does. You could try downloading it from
http://java.sun.com/products/hotjava/1.1/ to try as an experiment.

I haven't tried loading web pages through https that contain
embedded Java applets on Netscape 4.04. I'm speculating, but could be
that they mark the page as unsecure (open padlock) because the applet
Java code is not signed by a trusted code signer and, as Java code,
it could in theory use instances of the java.net.URL class or just
java.net.Socket to open up unsecured connections and send data back
to the website.

Jeff