applet caching
From: Matthijs Blaas (thijs_blaas_at_hotmail.com)
Date: 03/30/04
- Previous message: Andrew Thompson: "Re: java.text.ParseException: Unparseable date: (ND)"
- Next in thread: Dave Miller: "Re: applet caching"
- Reply: Dave Miller: "Re: applet caching"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 30 Mar 2004 15:18:36 +0200
I have a situation in which want to secure data an applet is going to send
to a script, but I don't know if it will suffice to have the applet being
called from an SSL domain and having it send back to a script on a SSL
domain...
I call my applet from a https website (the applet is also hosted on this SSL
domain) with parameters; the sessionid. The applet is downloaded locally to
the users pc, does it's job and sends back a score along with the sessionid
it received. This sessionid is send back because the receiving script will
validate the incoming data with it, so that nobody could just send their own
score (they'd need a valid generated session id).
But if someone would decompile the locally downloaded applet and have the
modified applet listnen to the sessionid it receives and have the modified
applet to send his own score along with the hijacked sessionid back... is
there a way to overcome this or is it already impossible to have the
modified local applet listnen for the parameters and send its own (ie the
applet is called on the ssl site, so that one will be initiated)? I don't
know how this is handled...
Thanks in advance!
-Thijs
- Previous message: Andrew Thompson: "Re: java.text.ParseException: Unparseable date: (ND)"
- Next in thread: Dave Miller: "Re: applet caching"
- Reply: Dave Miller: "Re: applet caching"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
