EventWeb was created as an intranet application, running behind the firewall. We have attempted to provide some security features, E.G.: the SessionKey, but have also assumed the protection of the firewall. You need to do your own security assessment, and take appropriate measures, before deploying EventWeb in a public internet facing server.
The discussion here is mainly about how existing OS, Web browser, and Java security affect EventWeb operation with native EventWeb channels.
EventWeb can be accessed using file:// URLs, http://localhost/ URLs, or URL's that include the system's host name or IP address. File URLs are the easiest to use, but the most likely to have the applet blocked by security settings. Using system host name or IP address generally causes the fewest problems.
The only security issue we have encountered with the servers is when an unprivileged user lacks the authority to open a low-numbered TCP port. See Using an Alternate Port and use a port above 1024.