I had a brainstorm this morning, and I think that I may have a possible hack against Java that might circumvent a few network access policies and the firewalls that support them. Looking at the Java APIs it seems pretty likeley to me that when a name to address lookup is performed, all it does is call gethostbyname() or the equivilant. If this is the case (and I don't have a source license at this point, or even a system that will run Java) there is the possiblility that a sytem with control of a web server and a DNS server could coerce a Java client into initiating TCP connections to clients other than the system that provided the applet (which should be a prohibited behavior, as I read the specs.) This is still at the WAG stage, since I don't have access to source code and have not received confirmation (nor denial) from any of the vendors that I have contacted, but I'd appreciate feedback (positive or negative) from the list(s). FWIW, my WAGs have about an 80% hit ratio, but this is the first that I've posted without confirmation. ObCrypto: _When_ will DNS be secured via PKE? -- Steve@AZTech.Net