(See also common preferences panel help.)

Entering Applet Groups

This preference dialog lets you control the granularity of applet groups. Applet groups are important because they specify which applets can cooperate and share information. By default, all applets loaded from the same server belong to the same group. In certain cases, you'll want to group applets from different servers together. This dialog lets you do that.

Each word in the text widget is an applet group name.

If the group name begins with a period (`.'), it is a domain name, and the group consists of all servers in that domain.
If the group name does not begin with a period, it is a host name, and the group consists of exactly that host.
An exact host name match is preferred over a domain name match.
If no host name matches, the longest matching domain name is chosen.
All comparisons are case insensitive.
If a server's name matches none of the given host or domain names, it becomes a group by itself.
A host or domain name should not end in a period.

Example

Suppose you define the following applet group names:

.python.org
www.python.org
.reston.va.us
.cnri.reston.va.us
www.cnri.reston.va.us

Then the following collection of servers would be divided into groups as follows:

monty.python.org, spam.python.org, ftp.python.org, www2.python.org, python.org
www.python.org
www.visix.reston.va.us, www.usgs.reston.va.us, www.reston.va.us
merlin.CNRI.Reston.Va.US, monty.reston.va.us, test.www.CNRI.Reston.VA.US, CNRI.Reston.Va.US
www.cnri.reston.va.us

Notice how a server at python.org is part of group `.python.org', but a server at test.www.reston.va.us is not part of group `www.reston.va.us' (because the group name does not begin with a period -- it is effectively a host name).

Caveats

IMPORTANT: Without a secure transport protocol, a known site or domain can never be completely trusted, except for other hosts within the same firewall. Using DNS spoofing or other techniques, a rogue site anywhere on the Internet could masquerade as a known site outside the firewall. Never trust an applet with sensitive data, except when you live inside a firewall and the applet lives within that same firewall. (In the future, secure protocols based on public-key encryption and authentication will make it possible to trust sites without the use of firewalls.)

Currently, servers at different ports on the same host are always lumped into the same group, and so are applets loaded from different directories in the same server.

Beware of defining groups with names like `.com' or `.net' -- these effectively lump together large numbers of unrelated servers.

The group name is determined from the URL of the page containing the applet; the URL for the applet itself is not taken into account. This is as it should be: a trusted site should not be required to copy all applets that it uses onto its server, and a trusted page may thus contain applets loaded from several different sites that should be allowed to cooperate. Trust in an applet requires trust in the arguments passed to the applet by the page that contains it. A rogue server should not be able to affect a trusted group (of which it is not part) in any way; if it could load an applet in a trusted group with bogus parameters, it might damage the group's data.

There is currently no way to create a group out of servers in unrelated domains. (A possibly syntax for this would be comma-separated host or domain names.)

If a host has multiple host names (e.g. DNS aliases), it may be part of different groups, depending on which host name is used in its URL.

No DNS lookup is attempted for host names given as numeric IP addresses (e.g. 123.45.67.89).