[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

is Java unsafe to use with Tor?



Greetings, 

(I'm not sure if this is exactly the right place to
discuss this, but it pertains to using proxies in Java
in a possibly unsafe manner, and this sort of thing
seems to only matter to users of Tor)

If I hava a Java program, and I do something like the
following: 

Properties systemSettings = System.getProperties();
systemSettings.put("http.proxyHost", "127.0.0.1");
systemSettings.put("http.proxyPort", "8118");
System.setProperties(systemSettings);

This has the effect that all HTTP connections
following will be proxied via port 8118 on localhost,
where an instance of Privoxy might be listening. A
problem soon arises however if for some reason,
Privoxy isn't currently listening (for example, it
crashes, or it is hosted on another system that has
gone down, or whatever). In the case that nothing is
listening on the intended port, Java will switch to
making connections directly instead. This could be, of
course, somewhat disasterous from a security POV. 

Are there any Java folks who have any insight about
how the "feature" is disabled? The expected behavior
should be that if the configured proxy is down,
connections should fail (as they would in any other
system). 

Or is Java just an unsafe system to try to be
anonymous in? 



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com