|
|
 Up |
|
|
  |
|
|
|
Author:
Date: Sep 12, 2008 04:26
Hello,
we have a Oracle forms application running with the sun JVM.
When we start the app we are asked to accept two signed certificates.
When we say ok we can see them in the user certificates store in
"Trusted certificates" ( Vertrauenswürdige Zertifikate ).
Is there a way to import them as administrator the way they are "Trusted
certificates" for the system and not only the user ?
Thanks
Andreas
|
| |
|
| |
3 Comments |
|
|
Author: FredFred
Date: Sep 11, 2008 06:48
Hi everyone,
I'm facing a problem here about password storage in a JVM.
Here's the problem:
An html page sends a login/password to a servlet. This servlet reads the
password through the getParamter method. The getParameter, thus, creates
a String that contains the password in clear text.
I cypher the password and store it for future use.
The problem is that the String that getParameter created is still there
... containing a clear text password. And a memory dump could allow
people to read this password.
My question is : Is there a way to totally discard a String's content
from the JVM's memory?
Thanks for your help.
Fred
|
| |
|
7 Comments |
|
|
Author:
Date: Sep 8, 2008 12:32
Please be gentle. I am horribly java naive and have only gone by way of the
various instructions for creating keystores and certificates found at a
variety of sites that all match in syntax and function.
I have created a keystore, created a signing request (which has been sent to
thawte and recieved my signed cert), and imported my root and intermediate CA
certs. Every step of the way, each file and certificate has been tested and
is complete and without error.
However, when i attempt to import my final signed certificate into the
keystore, I get the following error:
keytool error: java.security.cert.CertificateException: sun.security.pkcs.
ParsingException: DerInputStream.getLength<>: lengthTag=26, too big.
Now, if i google "lengthTag=26, too big" i get zero returns from google. If i
simply google "lengthTag= too big" without the 26 i get many returns... but
all for different lengthTag errors, none of which having anything to do with
my issue.
Any insight as to what I could be doing wrong would be highly appreciated.
|
| |
|
1 Comment |
|
|
Author: Fred LongFred Long
Date: Sep 8, 2008 10:53
The CERT/CC has added to their secure coding standards for the C
language and for C++ by developing secure coding standards for Java.
The site, available as a Wiki, is at:
https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding...
The rules and recommendations are not globally editable, but anyone is
able at add comments.
We are depending on the active involvement of the Java community (you)
to make this effort a success. I invite you to participate in this
effort by reviewing content on the web site and providing comments, or
by contributing new rules and recommendations for secure Java coding.
These can be sent to me directly or to secure-coding at cert dot com.
Please review the web site and provide feedback.
Thanks,
Fred Long
CERTË™ Coordination Center
Software Engineering Institute
|
| |
|
4 Comments |
|
|
Author: VarSriVarSri
Date: Sep 5, 2008 00:41
Do someone have documentation of
sun.plugin.liveconnect.SecureInvocation class and specifically
CallMethod function in it ?
|
| |
|
no comments
|
|
|
Author: Roedy GreenRoedy Green
Date: Sep 4, 2008 15:31
I am curious about OTP fobs. My sister said they use them at work.
She said she has to key a number that displays on the fob. This
strikes me an unnecessary and just a source of error. Surely the fob
could insert the password, but then why bother with the display?
Is there some reason for keying it? It is just lazy software writing?
I understand it works by having a clock synched with the server to
change passwords every 30 seconds or so.
|
| |
|
2 Comments |
|
|
Author: kartik saxenakartik saxena
Date: Sep 2, 2008 05:29
Hi!
I am newbie to the group, so please tell me if my questions are
relevant to the group or not.
I am working on JSR 177 APIs , SATSA . I want to know , how using
those APIs i can fetch ,
1. IMIE number/ IMSI number of the phone. I need that footprint for
some device authentication.
2. I am also trying to put some certificates on the smart card from a
certificate gateway , through this API
i need some knowledge base on that.
Please respond if this post is relevant to the group , so i can get to
the specifics.
Kartik
|
| |
|
2 Comments |
|
|
|
|
|
|
|
|
Author: denbosco1denbosco1
Date: Aug 29, 2008 22:21
INTEGRITY CAN MAKE YOU EASY MONEY!! IT WILL!!! BUT YOU
HAVE TO FOLLOW IT TO A LETTER FOR IT TO WORK!!!!
A little while back, I was browsing through newsgroups, just like you
are now, and came across an article similar to this that said you
could make
thousands of dollars within weeks with only an initial investment of
$6.00! So I thought," Yeah, right, this must be a scam", but like most
of us, I was curious, so I kept reading.
Anyway, it said that you send $1.00 to each of the 6 names and address
stated in the article. You then place your own name and address in the
bottom of the list at #6, and post the article in at least...
|
| Show full article (7.35Kb) |
|
no comments
|
|
|
|
|
