Spyros

Reputation: 197

How to secure a web application you host but have no ability to modify

I have a web application (Java-HTML5/JS) which runs on our servers and is accessed simply by its URL, with no login options or checks. I have been asked to secure it, but I have no access to its source code and I have not managed to contact the developer behind it. It is widely used in the company, so there is no option to shut it down. The other applications on the network require authentication, so I can use those credentials for this app as well, by redirecting the user from another page. But once he logs in, how can I stop him from just accessing the actual unsecured URL?

Upvotes: 0

Views: 37

Answers (1)

Axel Amthor

Reputation: 11106

If you're unable to change anything on this server, you may do the following:

  • Install a proxy server with authentication on another machine, if there's not already one in the company
  • Restrict access to the app server to this proxy's IP address by putting it behind a firewall or changing routing rules

You need to go through the proxy to access the app, and you need to authenticate. Way complicated, but should work.

Upvotes: 1
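
The setup this answer describes, as an added example that is not part of the original post: nginx acts as the authenticating proxy, with HTTP Basic auth standing in for whatever credential store the company already uses. The addresses, hostname, port and file paths are assumptions.

```nginx
# Added example. Runs on the proxy host (assumed 10.0.0.5); the unmodified
# app is assumed to listen on 10.0.0.20:8080. All addresses, hostnames and
# file paths here are placeholders.

server {
    listen 443 ssl;
    server_name app.example.internal;

    ssl_certificate     /etc/nginx/tls/app.example.internal.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.internal.key;

    location / {
        # Every request must authenticate before it is forwarded.
        auth_basic           "Internal application";
        auth_basic_user_file /etc/nginx/app.htpasswd;

        proxy_pass http://10.0.0.20:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Do not hand the user's proxy credentials to the backend app.
        proxy_set_header Authorization     "";
    }
}

# Plain-HTTP requests are redirected so credentials never travel in clear.
server {
    listen 80;
    server_name app.example.internal;
    return 301 https://$host$request_uri;
}

# Second step: packet filter for the app port. iptables INPUT rules on the
# app host are shown; use the equivalent on a network firewall in front of
# it. Only the proxy may reach the app, so the original URL stops answering
# for everyone else. Rule order matters: ACCEPT before DROP.
#   iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.5 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 8080 -j DROP
```

Without the packet-filter step the proxy only adds a second, authenticated path; the direct URL must be closed off for the authentication to mean anything.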
