4/30/2009

Adobe Confirms PDF Zero-Day, Says Kill JavaScript

Filed under: — Aviran Mordo

Adobe Systems has acknowledged that all versions of its Adobe Reader, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities. ‘All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,’ Adobe’s David Lenoe said in a blog entry yesterday. He was referring to a bug in Adobe’s implementation of JavaScript that went public early Tuesday.

A “Bugtraq ID,” or BID number, has been assigned to a second JavaScript vulnerability in Adobe’s Reader. Proof-of-concept attack code for both bugs has already been published on the Web. Adobe said it will patch Reader and Acrobat, but Lenoe offered no timetable for the fixes. In lieu of a patch, Lenoe recommended that users disable JavaScript in the apps.

Andrew Storms, director of security operations at nCircle Network Security, said of the suggestion in lieu of patches, ‘Unfortunately, for Adobe, disabling JavaScript is a broken record, [and] similar to what we’ve seen in the past with Microsoft on ActiveX bugs.’

Java: How To Use HTTP Connect Via Proxy

Filed under: — Aviran Mordo

Java provides a class called java.net.HttpURLConnection, which lets you make a single connection to a URL. However, when you need to make the connection through a proxy, you are in trouble.

There are a couple of methods to connect via a proxy. The first one is simply to define system properties, which then let you make an HttpURLConnection using the proxy properties. Here is one way to define the properties:

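// These two keys are read for https:// URLs; plain http:// URLs read http.proxyHost and http.proxyPort
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "80");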

That’s all wonderful with system properties, but what if you need to use a specific proxy for one kind of request and another proxy for all the others? For instance, a local HTTP proxy that connects to a corporate proxy and another proxy that connects to the internet, with the requests issued simultaneously by different threads? System properties apply to the whole JVM, so changing them obviously won’t help.

Take a look at the abstract class java.net.HttpURLConnection. It requires a concrete implementation, and Sun provides one: sun.net.www.protocol.http.HttpURLConnection. It even has a public constructor, public HttpURLConnection(URL url, String s, int i), that accepts the target URL, the proxy host name and the proxy port! All you need to do is instantiate it directly instead of obtaining it from java.net.URL.openConnection(), and there you go: an HTTP connection via proxy.

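// Fully qualified on both sides so it cannot resolve to the abstract java.net.HttpURLConnection
sun.net.www.protocol.http.HttpURLConnection conn = new sun.net.www.protocol.http.HttpURLConnection(requestedURL, "127.0.0.1", 80);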
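
The same per-request routing can be done with the public java.net.Proxy class and URL.openConnection(Proxy) (Java 5 and later), which avoids depending on an internal sun.* class and leaves the JVM-wide properties untouched. This is an added example, not code from the original post; the class name PerConnectionProxy, the two loopback stub listeners standing in for the proxies, and the host names are constructed for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class PerConnectionProxy {
    // Constructed stand-in for a proxy: answers one request and prints the request line it saw.
    static Thread stubProxy(ServerSocket server, String name) {
        return start(() -> {
            try (Socket s = server.accept()) {
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                String requestLine = in.readLine();
                for (String h = in.readLine(); h != null && !h.isEmpty(); h = in.readLine()) { }
                System.out.println(name + " saw: " + requestLine);
                s.getOutputStream().write("HTTP/1.1 204 No Content\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) {
                System.out.println(name + " error: " + e);
            }
        });
    }

    // The proxy is bound to this one connection; no JVM-wide property is read or changed.
    static String fetchVia(String target, int proxyPort) {
        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", proxyPort));
        try {
            HttpURLConnection conn = (HttpURLConnection) URI.create(target).toURL().openConnection(proxy);
            conn.setConnectTimeout(2000);
            conn.setReadTimeout(2000);
            return target + " -> HTTP " + conn.getResponseCode();
        } catch (IOException e) {
            return target + " failed: " + e;
        }
    }

    static Thread start(Runnable r) {
        Thread t = new Thread(r);
        t.start();
        return t;
    }

    public static void main(String[] args) throws Exception {
        InetAddress lo = InetAddress.getByName("127.0.0.1");
        try (ServerSocket corp = new ServerSocket(0, 1, lo); ServerSocket inet = new ServerSocket(0, 1, lo)) {
            Thread[] all = { stubProxy(corp, "corporate proxy"), stubProxy(inet, "internet proxy"),
                start(() -> System.out.println(fetchVia("http://intranet.example/", corp.getLocalPort()))),
                start(() -> System.out.println(fetchVia("http://www.example.com/", inet.getLocalPort()))) };
            for (Thread t : all) t.join();
        }
    }
}
```

Each stub prints the absolute-URI request line it received, which shows that the two concurrent threads were routed through different proxies without either one affecting the other.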
