What security restrictions do the different browsers impose on Socket use from applets?

John Zukowski

Untrusted applets can only open socket connections to the server from which the .class file was loaded. When opening said socket connection, you must use the same naming mechanism used to load the applet, so if the applet was loaded off a page like www.jguru.com/foo.html, then you must open a socket connection to www.jguru.com, not the IP address of (or whatever the equivalent that DNS brought back).

As far as being a server, untrusted applets cannot create a ServerSocket. There is no mechanism to control from where a connection would be made. Thus, an applet cannot act as a server, accepting connections from anywhere.