WebApp Sec mailing list archives
Instantiating an executable from a web browser.
From: "Scott, Richard (IS)" <Richard.Scott () bestbuy com>
Date: Thu, 8 Feb 2007 09:29:06 -0600
Forum, I've come across some interesting architectures, but I think this one is the most puzzling right now. I have a system that requires a java application to run in a localized environment (desktop). The application is part of a group of tools that fit in to a web based framework that rely on a web based method of authentication and authorization. The problem is this, without ripping the application apart, there needs to be some AAA surrounding how this desktop application is loaded on the desktop using the web based AAA. The question is, how can a browser securely and safely execute win32/java based desktop applications? The only way I can see this happening is creating a command shell and safely passing command parameters to it. But the browser in which this executable needs to be launched is locked down by policies. Any ideas would be appreciated. Browser <------------------> AAA | | \|/ Launch win32/Java desktop application local desktop. Cheers, Ricc ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA --------------------------------------------------------------------------
Current thread:
- Instantiating an executable from a web browser. Scott, Richard (IS) (Feb 08)
- Re: Instantiating an executable from a web browser. Colin Bean (Feb 09)