EJB security question

Hi all,

I'm looking for a bit of advice. We have a J2EE application we have written, and are considering hosting such that we can give access to external clients. Our server hosts some EJBs and the GUI is a Web Start client. The user enters some data on the client and it is sent to the EJB server for processing - is there a security risk here ? Could the data potentially be intercepted or is the EJB communication secure ? if it is not secure, what is the suggested way of doing this - encrypting on the client and de-evcrypting on the server ?

Many thanks for any advice.

Alistair

[610 byte] By [asedwella] at [2007-10-2 2:21:55]

«« new to j2me
»» OOA/D Book

# 1

Anyone ?CheersAlistair

asedwella at 2007-7-15 20:14:12 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

# 2

Well, I have not used EJB or J2EE yet, but I will guess that it is insecure. The usual solution to secure these comms is to use the TLS/SSL APIs in the JSSE. I'm not sure what is available to a J2EE application.

ghstarka at 2007-7-15 20:14:12 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

EJB security question

Security New Topic

Security Hot Topic

Security

All Classified