Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Instantiating an executable from a web browser.

Re: Instantiating an executable from a web browser.

From: Colin Bean <ccbean_at_gmail.com>
Date: Thu, 8 Feb 2007 10:36:26 -0800

Java Web Start?

You'd be able to control access to the JNLP file and the actual
application files with your web based authentication. Although the
application will be downloaded to the user's machine and cached, the
user won't be allowed to launch the application offline (don't know
off the top of my head if this can be circumvented, but it might be a
good place to start).

hth,
Colin

On 2/8/07, Scott, Richard (IS) <Richard.Scott_at_bestbuy.com> wrote:
> Forum,
>
> I've come across some interesting architectures, but I think this one is
> the most puzzling right now. I have a system that requires a java
> application to run in a localized environment (desktop). The
> application is part of a group of tools that fit in to a web based
> framework that rely on a web based method of authentication and
> authorization. The problem is this, without ripping the application
> apart, there needs to be some AAA surrounding how this desktop
> application is loaded on the desktop using the web based AAA.
>
> The question is, how can a browser securely and safely execute
> win32/java based desktop applications? The only way I can see this
> happening is creating a command shell and safely passing command
> parameters to it. But the browser in which this executable needs to be
> launched is locked down by policies. Any ideas would be appreciated.
>
> Browser <------------------> AAA
> |
> |
> \|/
> Launch win32/Java desktop application local desktop.
>
> Cheers,
> Ricc
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Cross-Site Scripting (XSS) is one of the most common application-level
> attacks that hackers use to sneak into web applications today. This
> whitepaper will discuss how traditional XSS attacks are performed, how to
> secure your site against these attacks and check if your site is protected.
> Cross-Site Scripting Explained - Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
> --------------------------------------------------------------------------
>
>

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
Received on Feb 09 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos