WebApp Sec mailing list archives
Web start security
From: Guruprasad Ramarao <prasadg75 () yahoo com>
Date: 15 Oct 2003 21:33:08 -0000
Hi, I am working on a project to convert/migrate an existing web application to use java web start technology.(one of the reason for migration is to remove extensive use of javascript in web application and use java instead) Web-application was password protected with JAAS login module and also access to the same was over https. Is there a mechanism to provide similar security in Java web start? I am aware of code signing, this will provide authenticity to the jar file downloaded and also ensure the jar files dont(hopefully this is the case) get tampered on client box. Are there any mechanism of providing password protection for web start application? I tried putting JNLP in web application and configured web.xml to protect the same, but this fails, i hit with 'missing tag exception:<jnlp>'. Also are there any security vulnerabilities using java web start technology? - Thanks, Gp
Current thread:
- Web start security Guruprasad Ramarao (Oct 15)
- Re: Web start security Greg Steuck (Oct 16)