aspose file tools*
The moose likes Applets and the fly likes Is Java Applet Secure? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "Is Java Applet Secure?" Watch "Is Java Applet Secure?" New topic
Author

Is Java Applet Secure?

Sandeep Chhabra
Ranch Hand

Joined: Aug 28, 2005
Posts: 340
Hi friends,

Nice to be back to this community after a very long time.
I had a small concern and need some Expert Advice.

I am developing a website. I have some material say in the form of Powerpoint presentation and word files which i would like to share with the members of my website. Now the thing is that this material is very confidential and I dont want the member to somehow get hold of that and redistribute it.

For this i had 2 choices:
1) Flash
2) Java Applet

I can put all the content in flash file and put them on my site. But as per my understanding the .swf file will get downloaded to the client machine and thereafter it can be misused.

On the other hand using applet might not be so interactive or efficient to display the Powerpoint presentation (I need suggestions on this also). But it MIGHT be secure, i mean at least the client will not receive any copy of the material.

Please suggest me if I am right or what should be the right way to solve this issue.

Thanks!


Regards<br />Sandy<br />[SCJP 5.0 - 75%]<br />[SCWCD 1.4 - 85%]<br />------------------<br />Tiger, Tiger burning bright,<br />Like a geek who works all night,<br />What new-fangled bit or byte,<br />Could ease the hacker's weary plight?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41885
    
  63
The applet -and any code and data it contains- are downloaded to the client as well. Anything they contain should be considered accessible to the user. From that perspective Flash and applets are identical.

But anyone watching whatever is shown in the Flash/applet presentation can write down the contents or make screenshots. What you're proposing merely makes it harder for them (and for you), and more cumbersome to use. I'd say you need to decide whether you can or can not trust the users; if the latter, they probably shouldn't be shown anything confidential.


Ping & DNS - my free Android networking tools app
Sandeep Chhabra
Ranch Hand

Joined: Aug 28, 2005
Posts: 340
Thank you very much for the guidence Ulf,
I would really appreciate if you could throw some light as to how can i really get hold of the jar that is downloaded to my machine when i am viewing an applet. (Actually, I used to think that this is not possible )

I want the members to access the confidential data but taking screenshots will not harm me, all i want is that the they should not really get the entire content.

Could you suggest some better way to secure the content that i am presentation to members for eg some PPT (embedded in applet) containing animations?

Thanks for your kind help!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41885
    
  63
The applet jar file resides in a publicly accessible directory, so there's no problem entering it's URL into a browser and downloading it.

I guess I don't understand what the difference is between "accessing the confidential data" and "get the entire contents". It seems to me that it's conceptually the same thing.

Any applet- or Flash-based solution can be decompiled on the client, so if you're really concerned about a determined hacker, neither of them will do. Of course, doing that is beyond what the overwhelming majority of people is capable of doing (unless your audience consists of skilled techies).
 
 
subject: Is Java Applet Secure?