Security Basics mailing list archives
Re: Java Enterprise Safe ??
From: Joe <bitshield () gmail com>
Date: Thu, 9 Oct 2008 06:33:14 +0200
Hello Mate,

The damage a Java application can do does not depend on Java itself. It depends rather on the programmer writing the code. If you are not doing proper input and output validation, then your Java application can have serious issues with XSS and SQL injection. These bugs, however, are introduced by the programmer and not by Java.

One really good thing is that there are no buffer overflows (a major issue in C/C++ programs) in Java. If you care about all the security issues, then you can write pretty safe code in Java. Just keep in mind: it is about the programmer, not the technology!

Regards
Joe

On Tue, Oct 7, 2008 at 8:48 AM, Mattias Hemmmingsson <mattias () fareoffice com> wrote:
> Good morning
>
> We are now working with Java Enterprise on the GlassFish server. And I came to think: how secure is Java really?
>
> If you look at the OWASP home page you can find the ten most common security risks against Java. So with XSS, how much damage can you do to the system, or can you only change the client's view?
>
> SQL injection: is it possible to do with Java Enterprise?
>
> And the big one, JAS (Java auth system or something like that): how safe is it really?
>
> // matte
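The input and output handling discussed in this thread, as an added example that is not part of either poster's message: a string-concatenated query beside a parameterized one, and HTML output encoding. The class name, the `users` table, its columns, and the sample inputs are hypothetical; `userExists` assumes a JDBC `Connection` supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example: class, table and column names are hypothetical.
public class ValidationDemo {

    // Vulnerable pattern: user input becomes part of the SQL text itself.
    static String concatenatedQuery(String name) {
        return "SELECT id FROM users WHERE name = '" + name + "'";
    }

    // Hardened pattern: the SQL text is fixed and the input is bound as data.
    static boolean userExists(Connection db, String name) throws SQLException {
        String sql = "SELECT id FROM users WHERE name = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Output encoding for HTML element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String sqlInput = "x' OR '1'='1";                 // constructed input
        String htmlInput = "<script>alert(1)</script>";   // constructed input
        // Concatenation lets the input rewrite the WHERE clause:
        System.out.println(concatenatedQuery(sqlInput));
        // Encoded output is rendered as text instead of parsed as markup:
        System.out.println("<p>Hello " + escapeHtml(htmlInput) + "</p>");
    }
}
```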