Re: How to protect the application not to be run on other server ?
- From: Roedy Green <see_website@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Dec 2007 16:40:22 GMT
On Wed, 12 Dec 2007 23:13:46 -0800 (PST), krislioe@xxxxxxxxx wrote,
quoted or indirectly quoted someone who said :
I need a mechanism to protect our application (web based using JSF) to
make sure that it cannot be run outside our company.
the usual way to do that is to require login to use the app. The
servlet womb e.g. Tomcat manages the user ids and passwords.
If you have a list of legal IPs or ranges, your app can check for
itself, bypassing the login requirement.
You can create certificates for your clients. The public key of that
cert is stored in the file on the server. The Login process does a
challenge, asking the client to encrypt something with its private
key, which it sends back. The advantage of this approach is the user
does not need to remember the id or password.
I used such a system in Linux back in the 90s, for remote text-based
login. I would expect something similar should be supported in many
wombs without you having to write any code. If not, you can use the
methods that form the Transporter, a light-weight public key
encryption package that does not need the JCE. To create your
certificates, to encode and decode. See
http://mindprod.com/products1.html#TRANSPORTER
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
.
- References:
- Prev by Date: Re: YAHOO ADDRESS BOOK IMPORTER
- Next by Date: Re: Eclipse install for Java EE not working
- Previous by thread: Re: How to protect the application not to be run on other server ?
- Next by thread: YAHOO ADDRESS BOOK IMPORTER
- Index(es):
Relevant Pages
|
