Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Web start security

Web start security

From: Guruprasad Ramarao <prasadg75_at_yahoo.com>
Date: 15 Oct 2003 21:33:08 -0000
('binary' encoding is not supported, stored as-is) Hi,
I am working on a project to convert/migrate an existing web application to use java web start technology.(one of the reason for migration is to remove extensive use of javascript in web application and use java instead)
Web-application was password protected with JAAS login module and also access to the same was over https.
Is there a mechanism to provide similar security in Java web start?
I am aware of code signing, this will provide authenticity to the jar file downloaded and also ensure the jar files dont(hopefully this is the case) get tampered on client box.
Are there any mechanism of providing password protection for web start application?
I tried putting JNLP in web application and configured web.xml to protect the same, but this fails, i hit with 'missing tag exception:<jnlp>'.
Also are there any security vulnerabilities using java web start technology?


-
Thanks,
Gp
Received on Oct 16 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos