This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Security with HTTP Tunneling? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security with HTTP Tunneling?" Watch "Security with HTTP Tunneling?" New topic

Security with HTTP Tunneling?

Siegfried Heintze
Ranch Hand

Joined: Aug 11, 2000
Posts: 381
"Professional Java Server Programming J2EE Edition" (page 88-89) identifies two options for HTTP tunneling. One option is to use java-rmi.cgi script which (apparently) is a big security loophole in the server.
Are there security problems using servlets as illustrated in Jason Hunter's "Java servlet Programming"? If not, why does he not demo them on his site? You can run all the other examples except is RMI chat program (last I checked a couple of months ago).
I agree. Here's the link:
subject: Security with HTTP Tunneling?
Similar Threads
Http Tunneling
EJB calling another EJB over a Network
J2EE Client Application - Part II
It is not true, Database does not shows through Applet
Servlet tunnelling?