Security Section Index | Page 3
As one knows, the JCE framework allows the use of JCE providers loaded from signed jars only. As a matter of fact, this restriction is much tougher: the jar has to be signed by Sun or IBM, and both certificates are hardcoded. If I have some provider I completely trust, signed by any trustee other than Sun, is it legal to work around it by using reflection, like that?
First of all you can use any 3rd party clean room JCE implementation. JCSI, BouncyCastle, Cryptix all have JCE implementations and are also their own providers. And those implementations don't re...
Does anyone know of a Public Key encryption algorithm that is relatively easy to use? I am encrypting an XML file into a database and I would like to use keys to control access.
Usually Public Key encryption algorithms (especially ciphers) are not intended to be used to encrypt big amounts of data. Their goal is to manage small pieces of secure information (i.e. secret keys for s...
How do I change the security context for an applet when running it with applet viewer? I have the jar file for an applet, and want to run it locally. By running it with applet viewer or 'java sun.a...
I am trying to run RMI over an SSL connection. The Server- and ClientSocketFactories seem to be straightforward, but how could I specify, when I request a remote object, what keypair to use for the SSL connection? That means I can't just load the keys from a static key file; I want to pass them dynamically, at least to the client.
I need to store password digests within an Oracle8 table, with the password field mapped to a varChar(30 length) column. Can you suggest which MessageDigest (MD2, MD5 or SHA1) is more suitable? Also, how should I compare the input password and the original password digest that has been stored in the database?
I would recommend that you use SHA or MD5 because they are included in any JDK beginning from 1.1.x. If you need a comparison of digest hashing algorithms, look at "The Hashing Function L...
See http://www.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0181.html You have to supply a Proxy-Authenticate HTTP header in your request containing user:pass in base64 encoding.
The SecurityManager considers going up a level from the code / document base to be providing access to something that you shouldn't have access to. Thus: getImage(getDocumentBase(), "../foo.jpg")...
Is it possible to externalize a compiler from the runtime environment when I run JSP? For security reasons, I don't want to have to put a Java compiler in my production environment.
Using OpenSSL, a possible way is to execute this command: openssl req -new -x509 -days 366 -keyout new_self.cert.pem -out new_self.cert.pem -nodes During the process you will be prompted for certif...
I'm using JSSE in order to implement SSL. I understand that SSL in JSSE uses RSA. The obstacle I am facing is that getting the default SSLSocket Factory is slow. I suspect that this is because of ...
I'm working on a user management system for my J2EE application. The idea is we can restrict users by granting permissions for certain operations on certain resources. As far as I see there is an API ...
I think that the OpenSSL toolkit is one of the names of the OpenSSL Project, at least according to this statement that can be found on the about page of the OpenSSL web site: The OpenSSL Project i...
No. As of version 2.1.1, Java Card doesn't provide any API for biometrics.
No. Java Card 2.1.1 only supports transient arrays of primitive types (boolean, byte, short) and of Object references. You can't just create a transient instance of the MyObject class. Note that o...
Transient data is applet data, which is cleared either when the applet is deselected or when the card is reset. Transient data is stored in a dedicated RAM area and is typically used to store sess...