• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Keeping the password secure after securing the HttpInvokers

 
Greenhorn
Posts: 8
Mac OS X Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We had some problems with hackers hacking our JBoss, so I had to secure our HttpInvokers in JBoss 4.2.3 (EJBInvokerServlet and JMXInvokerServlet).
I changed the jboss-configuration and after that I changed the calling code (to supply a username and password).

My question now is:
In all examples I see on the internet, about adding security to JBoss, the username and password are hardcoded in the code.
Our client-code (which also needs these credentials) is open for download, so a smart hacker is able to download the code, decompile the classes and see the password.
Is there a way to make this secure?
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The password need not necessarily be part of the code. It can be stored in a database for example or some other "store" or the user could even be prompted for it. In fact, having it in the code isn't typical for production applications.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic