UsingJava Plug-in 1.5.0_06Using JRE version 1.5.0_06 Java HotSpot(TM) Client VMBrowser is Internet Explorer 6.0.2800.1106Background:Our web application has 3 different applets on one page, transmitted using https. Due to a variety of factors, the name of the host does not match the name on the ...

Hi,I am developing a web services that resides in Intranet.Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is ...

Hi all,Can we send jar and jad file via bluetooth from one mobile phone to another....If yes plz help..otherwise plz pls send me link which is proof that we can not send jar and jad file via bluetooth from one mobile phonetp other....Are there any securtiy issues or some other issuesrgdskapil ...

Hi all,I am new to J2EE. I wonder what security problems will be caused if exposing the class's path on the web server to the client. For example, I use "com.example.test" in the url of a form's action.Thanks in advance.

hi frns,i want to create a licensekey to my jar file.as far as i know javakey tool is used for creating keys.but i want in detail code how to create keys...reply urgentthanku

Hi there,I recently dived onto the Java train and so far like every bit of it, last week I managed to complete my first "homework project" (a commandline calculator which basicly picks up 2 numbers and then performs the 4 major operations on them) and now I'm studying deployment. During this I ...

I have recently been assigned to a project which requires a ftp data connection through a SOCKS firewall. From what I found out so far it has native support in the JDK, but I am uncertain if this applies to 1.3 as well, since that's the version I have to use.Anyone familiar with a solution to ...

Hi, I'm trying to write a web application (JSF, servlets, EJB's), using JAAS.When I use the DatabaseServerLoginModule the authentication & authorization works fine.When I use my own Login Module (extends from AbstractServerLoginModule) the authentication works fine, but I have problems ...

I've never used any of the Java security packages, but I'm hopnig there is something out there that can help me out with what I'm needing and that someone might be able to direct me to it.I have a large scale application which uses an independent config file. The config file has the complete ...

1.Policy ConfigurationUntil now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a ...

I'm tring to put my jaas.config file in my application's jar that is downloaded through webstart because I don't want to have the file on the server anymore.I keep getting a security exception saying it cannot locate the file. What is the correct syntax to specify that the jaas config file ...

Hey guys,i have a web start application.The jar file distrbibutes is signedThe following are the steps i have used for gen the certFollowing are the steps I have used for generating the certificatekeytool -genkey -alias abcdEnter keystore password: passwdWhat is your first and last name? ...

Hi,do yo know where to get source for sunpkcs11.jar? Library is included in java 1.5 but not src.Thanks,Cris

Hello, i'm in the middle of doing my project using NetBeans as the platform. the problem is i don't know how to put JSAPI and JavaMail API package into my list of library in NetBeans.So, i hope somebody can give me a guide so that i can proceed with my project... thank you very much.

Hello...I need some info and tools for what i need to integrate the Java Applet with a serial fingerprint devices and what sort of database is needed in this project development.The concept is for library access to verify the user using the fingerprint and save the record on the database. Im ...

HiI hope someone can help me I have a simple client server progam. The client is C++ running on windows and the server is Java. I want to encrypt data on the client send it to the server and decrypt it. Is there a simple way of doing this or do I have to have go the full monty wih key exchange ...

Hi everybody,I have the following problem:I've written an application which is able to send different kind of requests to an https server by using the jakarta HTTPClient. For the connection you can specify the url, the keystore and the corresponding password.If you send a request for the first ...

My application was deployed on Pramati 3.5 . I give username and password to connect to my application. We maintain the passwords in the database in encrypted format. In the current scenario we are sending the password in plain text format over network to the action file which is reponsible to ...

Hi .. What is XSS ... ? How we can protect web applications from XSS attacks. Explain with example. Thanks in adavane Satish

Hi,This one is probably easy but I'm blinded somehow. Using jdk1.5_05 with out-of-the-box providers ...

Hello All, From the link here http://java.sun.com/developer/onlineTraining/Programming/JDCBook/appA.html, it says This policy file grants read, write, delete, and execute permission to all files. grant { permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, ...

Has anyone had any experience deploying java.security.Signature on mobile devices (eg. a phone)? Presumably one would make use of the bouncy castle j2me BigInteger class? Any pointers? (sorry, to be so vague!)

hi.........Can we do windows Authentication in core java?If not then we dont mind implementing it in J2EE. But the main thing is that we are totally new to the concept of WindowsAuthentication.So can u please guide us on this topic...........plz reply fast as we are stuck at this point in our ...

Hi;If I have a servlet running on my server, and the user accesses it from a browser running on Windows - how do I do a JAAS login so on the server I have the user's login & authentication/authorization?thanks - dave

I am trying to use bouncycastle to encrypt some data but am getting a "key invalid in message" error whenever I run it. My question is: what the hell could this mean? what could i be doing wrong. I get a feeling it's not a code issue, so what could it be?This is the actual place it falls over ...

This is the first time I am posting a question so if it sounds silly please forgive me.Well my doubt is in Java code Security. In Microsoft products after a creation of project we make it one single file called exe which by decompling will not give the exact source code which we wroteBut in ...

Dear All,This is regarding to change the default Policy implementaion in JAAS.We are trying to provide our own Policy implementation instead of default sun.security.provider.PolicyFile for our security appln. 1. I have created a class com.test.MyJaasPolicy by extending java.security.Policy and ...

Hi all,I'm currently looking for Information how to write Secure JAVA applications. I don't need the stuff everybody is talking about (e.g. Web App Security, SQL Injection, XSS, etc.) but instructions how to write code which is not breakable for standallone JAVA/J2EE applications. With the ...

I have created a java desktop application that runs on user machine with windows platform. I want to make this application SSO enabled. How can I read windows username and password?Please Advise.

I'm having a problem with the GSSManager.createCredential() method.I believe my keytab is correct as kinit -k works correctly for my SPN.However, when I attempt to call GSSManager.createCredential using my SPN I keep getting the following:GSSException: No valid credentials provided (Mechanism ...

When a user times out in an web app. he is directed to the login page. On successfully logging in he's directed to the page he requested beore he timed out.We require that the user on being timed out should be taken to the home page and not the requested page. But i want to know where the ...

I am trying to get a basic authenication sample working. In my servlet, I have the following code:LoginContext lc = null;try {lc = new LoginContext("Verify", new VerifyUserCallbackHandler());} catch (LoginException le) {System.out.println("Cannot create LoginContext. 1");System.err.println(" " ...

Hello,I've signed my jar. It works but still display before this message :"The application digital is invalid. Do you want to run the application"if I say OK, it works but I would like to avoid this "not very funny" message.I know I have something more to do and related to certificates but to ...

HiI am having java standalone application which uses https protocol. From here I am contacting https server, but server is saying certificate expired. Can any body tell me how to by pass the certificate such that my application will work.Thanks

I have a doubt regarding JAAS implementation.Suppose I am using JAAS for implementing a Pluggable Authentication Module for a stand alone java application (Not J2EE) and LoginModule uses native OS authenticationmechanism to authenticate users. In this case where should I keep my JAAS policy ...

I'm trying tutorial of JAAS, located in http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.htmlI made a batch file as runner:set CLASSPATH=.java -Djava.security.manager -Djava.security.policy=sample.policy -Djava.security.auth.login.config=sample_jaas.config ...

I'm trying to get the source and destination address of ip packets in java for the development of my network monitoring tool...Please help

hi,I want to get user's printer usage details from the printer queue for monitoring purpose.....can some one give me some idea

Hello,I am using following config for Active Directory..AuthenticationService { com.sun.security.auth.module.Krb5LoginModule required client=TRUE debug=FALSE useTicketCache=FALSE;}When I use Universal Principle Name, the login return success, however when I use samAccountName I get login ...

I have crated a java web application that asks the username and password and authentictes user using Kerberos Login module. In this case, the username and password are transmitted to server in clear text. So I want encrypt this communication using SSL. Can I accomplish this by using JSSE? If ...

Hi ,I need to decript password which is been encripted by using MD5 as follows,MessageDigest md = MessageDigest.getInstance("MD5");md.update(barray);byte[] result = md.digest();restring = asHex(result);Can anyone help me how to decript password encripted bt ...

Hi,How can I restrict user from running any java application on his/her computer?How to make jvm to run only well known jar files on particular computer?Regards,Vitaliy

How do i prevent hackers from invoking the servlets directly? Assuming that they know(guessed) the servlet names.

I have anabled authentication usng JAASRealm in Tomcat 5.xThe steps are1. Security constraints in web.xml - Working2. JAAS LoginModule implementation - Working because I am able to login.3. Policy file like thisgrant CodeBase " http://localhost:8080/-" Principal ...

Hello!By java 2 security model, all local Java applications run unrestricted as trusted applications by default. but there is a note about security configuration which runs local application with access-control policies applied (similar to applet's and remote application's).But there was not ...

I have been searching in vain within the JSE 1.4/5.0 ways to process a byte array of data that is ASN1.1 encoded. Any help would be very much appreciated.

I want to write a web service in which clients will accept a certificate from the server. I want this certificate to authenticate uniquely every client. This means that every certificate will be a little different from each other (is it possible?).When the client use the service for the first ...

Hello,I would appreciate some guidance from senior security people in this forum. Here is what I am trying to do:1- I am responsible for partial development of a TECHNICAL FRAMEWORK, which will end-up packaged as a signed jar file: i.e., "signedFramework.jar". 2- The purpose of the framework ...

Hello, I am helping in the creation of a Java application that uses RMI to store and retrieve XML documents, including stylesheets and schemas. The security aspect of this application involves users logging onto the server. Once a user has been authenticated, they are able to view/edit specific ...

Hi,I'm working on a project which requires me to log keystrokes (although I'm not so much interested as to building a history of key events, more of timings between them). The idea is the patterns can be used to identify a user (and log out users who are not the person who logged in).Java is ...