Re: Java Enterprise Safe ??

[Joe <bitshield () gmail com>]

Hello Mate


The damage a java application can do does not depend on java itself.
It depends rather on the programmer writing the code. If you are not
doing proper input and output validation, then your java application
can have serious issues with XXS and SQL injection. These bugs however
are introduced by the programmer and not by java.

One really good thing is, that there are not buffer overflows (a major
issues in C/C++ programs) in java.

If you care about all the security issues, then you can write pretty
safe code in java. Just keep in mind; it is about the programmer not
the technology!

Regards
Joe

On Tue, Oct 7, 2008 at 8:48 AM, Mattias Hemmmingsson
<mattias () fareoffice com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> God morning
>
> We are now working with java enterprise at the glassfish server.
> And a come of thinking how secure is java really ?
>
>
> If you look att OWASP home page you can find the ten most common
> security risk against java,
>
> So with XSS how mutch damiage can you do to the system ore can you
> only change the clients view ?
>
> Sql injection is it poosible to do with java enterprise ?
>
> And the big one JAS ( java auth system or somthing like that) How safe
> is it realy ?
>
>
> // matte
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFI6wZUNJQJ1TN4TrgRAi90AJwJJxGG1fdpNrJWMGShU+kEpf2GmACfaeSs
> T0OutNQWyeyb6bu4kbiVOn8=
> =ZJBA
> -----END PGP SIGNATURE-----