Re: [WEB SECURITY] Java Swing Application Security

["Jeff Robertson" <jeff.robertson () gmail com>]

Security against whom?

Against the local user, there is no security. He 0wns the machine and
everything running on it.

Against untrusted code, that is what the Security Manager is all about.

If the swing application is the client in a client/server setup, then
the server is what really needs to be protected. Think of the client
app as if it were just so much flash or javascript, and apply the
principles of web app security accordingly. Don't trust the client to
enforce any of the "ations": authentication, authorization,
validation. Don't store any information in the client that you don't
want to make public to everyone. Don't expect the client to protect
the server from SQL injection and similar.

On 11/14/06, Dharmesh Mehta <dharmeshmm () gmail com> wrote:
> Hi List,
>
> I was looking into for Java Swing Application Security.
> Does anybody aware of any kind of checklist or documentation available for
> Java Swing Applications Security?
>
> Thanks in advance.
>
>
> Regards,
> Dharmesh M Mehta
> http://smartsecurity.blogspot.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 
3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------