WebApp Sec mailing list archives
Re: [WEB SECURITY] Java Swing Application Security
From: "Jeff Robertson" <jeff.robertson () gmail com>
Date: Wed, 15 Nov 2006 07:44:02 -0500
Security against whom? Against the local user, there is no security. He 0wns the machine and everything running on it. Against untrusted code, that is what the Security Manager is all about. If the swing application is the client in a client/server setup, then the server is what really needs to be protected. Think of the client app as if it were just so much flash or javascript, and apply the principles of web app security accordingly. Don't trust the client to enforce any of the "ations": authentication, authorization, validation. Don't store any information in the client that you don't want to make public to everyone. Don't expect the client to protect the server from SQL injection and similar. On 11/14/06, Dharmesh Mehta <dharmeshmm () gmail com> wrote:
Hi List, I was looking into for Java Swing Application Security. Does anybody aware of any kind of checklist or documentation available for Java Swing Applications Security? Thanks in advance. Regards, Dharmesh M Mehta http://smartsecurity.blogspot.com
------------------------------------------------------------------------- Sponsored by: WatchfireToday's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU --------------------------------------------------------------------------
Current thread:
- Re: [WEB SECURITY] Java Swing Application Security Jeff Robertson (Nov 16)