Reputation: 6837
securely requesting webpage from signed java applet
is there a way to check if it's really my (signed) applet which requests the webpage on the server?
i'd like to give response only if applet is ours.
would making https request from the applet ensure that they have same origin? is it possible to do without https?
Upvotes: 0
Views: 99
Answers (2)
Reputation: 147164
No. You can't trust the client. An adversary can look at what the applet is doing and replicate it. Alternatively, just intercept transferred data or poke around in the applet's memory.
The best you can hope to do is obfuscate. Note, this will end up being much more difficult for you than for the adversary.
Upvotes: 2
Reputation: 3968
I would suggest you use Cryptography, and send a "encrypted" parameter alongwith request. That parameter can be "decrypted" at server side and validated. The parameter's encrypted representation should be computed dynamically(like Timestamp + ).
Upvotes: 1
Related Questions
- Java Applet - Partially Signed?
- Signed Applet for Intranet app
- Signed Certificate & SSL
- Alternatives to Java applet or solution to unsigned the applet website connection
- How to make data from applet secure?
- Integrate signed applet in java web application
- Sign applet and deploy it in intranet
- Signed java applet
- SecurityException on my java applet
- Trying to get a signed applet to work in a browser but fails miserably