Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is Java Applet Secure?

 
Sandeep Chhabra
Ranch Hand
Posts: 340
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi friends,

Nice to be back to this community after a very long time.
I had a small concern and need some Expert Advice.

I am developing a website. I have some material say in the form of Powerpoint presentation and word files which i would like to share with the members of my website. Now the thing is that this material is very confidential and I dont want the member to somehow get hold of that and redistribute it.

For this i had 2 choices:
1) Flash
2) Java Applet

I can put all the content in flash file and put them on my site. But as per my understanding the .swf file will get downloaded to the client machine and thereafter it can be misused.

On the other hand using applet might not be so interactive or efficient to display the Powerpoint presentation (I need suggestions on this also). But it MIGHT be secure, i mean at least the client will not receive any copy of the material.

Please suggest me if I am right or what should be the right way to solve this issue.

Thanks!
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The applet -and any code and data it contains- are downloaded to the client as well. Anything they contain should be considered accessible to the user. From that perspective Flash and applets are identical.

But anyone watching whatever is shown in the Flash/applet presentation can write down the contents or make screenshots. What you're proposing merely makes it harder for them (and for you), and more cumbersome to use. I'd say you need to decide whether you can or can not trust the users; if the latter, they probably shouldn't be shown anything confidential.
 
Sandeep Chhabra
Ranch Hand
Posts: 340
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much for the guidence Ulf,
I would really appreciate if you could throw some light as to how can i really get hold of the jar that is downloaded to my machine when i am viewing an applet. (Actually, I used to think that this is not possible )

I want the members to access the confidential data but taking screenshots will not harm me, all i want is that the they should not really get the entire content.

Could you suggest some better way to secure the content that i am presentation to members for eg some PPT (embedded in applet) containing animations?

Thanks for your kind help!
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The applet jar file resides in a publicly accessible directory, so there's no problem entering it's URL into a browser and downloading it.

I guess I don't understand what the difference is between "accessing the confidential data" and "get the entire contents". It seems to me that it's conceptually the same thing.

Any applet- or Flash-based solution can be decompiled on the client, so if you're really concerned about a determined hacker, neither of them will do. Of course, doing that is beyond what the overwhelming majority of people is capable of doing (unless your audience consists of skilled techies).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic