aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes SSL and Security basic questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "SSL and Security basic questions" Watch "SSL and Security basic questions" New topic
Author

SSL and Security basic questions

sowmya thiru
Greenhorn

Joined: Jun 09, 2003
Posts: 19
Here is my understanding
1. Confidentialy/EavesDropping - Data is not read during transmission between sender and receiver. This is taken care by Encrption and Decrption � Symmetric cryptography.
correct?
2. Data Integrity/Tampering - Data is not modified during transmission between sender and receiver. This is taken care by public key crptography
correct?
so if I use just SSL and not using any certificate or digital signature, is it correct to say that i have taken care of point 1 but not point 2.
3. to vouch for public key, I need to use trusted CA like Verisign etc
correct?
4.im referring to figure 3 of following link:
http://developer.netscape.com/docs/manuals/security/pkin/contents.htm#1051918
From this diagram, Im assuming that original data is encrpted using symetric algo and transmitted via ssl along with digital signature.
correct?
Billy Tsai
Ranch Hand

Joined: May 23, 2003
Posts: 1304
I dont think u need know all those details, I didnt encounter any of those kind of questions in SCEA part1, the questions in the exam were more relevant to jdk and applet securities.


BEA 8.1 Certified Administrator, IBM Certified Solution Developer For XML 1.1 and Related Technologies, SCJP, SCWCD, SCBCD, SCDJWS, SCJD, SCEA,
Oracle Certified Master Java EE 5 Enterprise Architect
sowmya thiru
Greenhorn

Joined: Jun 09, 2003
Posts: 19
umm surprised.... in many of SCEA notes, i have seen mentioning on cryptography, digest, pki, digital certificates apart from jdk security and applet security.
can anybody confirm that therei s not need to study on pki, certificate, digital signature.
what is the scope in security section?
applet security and jdk 1.1 , 2 security model?
question on applet security
in jdk1.1, a signed jar gets full access to system resources correct?
if a jar is signed..is it also trusted?
if above is not correct..how to make applet trusted apart from it is signed
Billy Tsai
Ranch Hand

Joined: May 23, 2003
Posts: 1304
there are only 2 questions on the security part of the exam
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSL and Security basic questions