Bryan

Reputation: 55

Security threats to updating a Java desktop application

I'm looking at security threats to my Java application when doing updates. I'm also looking for ways to update my application, so that if an urgent update is needed it will be forced onto the user. Also, what would be the security issues with these ways of updating?

Upvotes: 0

Views: 79

Answers (1)

falx

Reputation: 149

You need to be more specific. What mechanism do you use to update your application?

A way to update your app is, for example, to replace single class files. In general you have to check the source of the update. A possible attacker could try to fake an update (class file) to get into the host. To counter this threat you should sign your updates with a private key and use your public key to check if the signature is valid. (Overall, you should sign your applications/jar files: Java Code Signing.) Code signing is also useful if an attacker tries to trick the user into installing some manipulated update.

If you use object serialization, you need to be aware of additional points (Object (De-)Serialization Vulnerabilities).

Another Stack Overflow question about updating Java applications: How can I write a Java application that can update itself at runtime?

Upvotes: 1
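The signature check described in the answer above, as an added example that is not part of the original answer: the application ships with a pinned public key and refuses to write an update to disk unless a detached signature over it verifies. The class name `UpdateVerifier`, its methods, the ECDSA algorithm choice and the demo payload are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;

public class UpdateVerifier {
    private final PublicKey pinnedKey; // shipped inside the installed application

    public UpdateVerifier(PublicKey pinnedKey) { this.pinnedKey = pinnedKey; }

    /** Returns true only if sig is a valid signature over payload by the pinned key. */
    public boolean isAuthentic(byte[] payload, byte[] sig) {
        try {
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(pinnedKey);
            v.update(payload);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or key problem: treat as untrusted
        }
    }

    /** Writes the update to target only after the signature check passes. */
    public void install(byte[] payload, byte[] sig, Path target) throws Exception {
        if (!isAuthentic(payload, sig)) {
            throw new SecurityException("update rejected: signature does not verify");
        }
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(), "update", ".tmp");
        Files.write(tmp, payload);
        Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key pair; in practice the private key stays on the release machine.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        byte[] update = "constructed update payload v1.0.1".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(update);
        byte[] sig = s.sign();

        UpdateVerifier verifier = new UpdateVerifier(kp.getPublic());
        byte[] tampered = update.clone();
        tampered[0] ^= 1; // simulate a modified update file
        System.out.println("genuine:  " + verifier.isAuthentic(update, sig));
        System.out.println("tampered: " + verifier.isAuthentic(tampered, sig));
    }
}
```

The verification runs over the exact bytes that are then written, so the file on disk is the one that was checked, and the public key comes from the installed application rather than from the update channel.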
