File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Authenticating a password Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Authenticating a password" Watch "Authenticating a password" New topic
Author

Authenticating a password

Rishi Shah
Ranch Hand

Joined: Sep 05, 2012
Posts: 43

I have a central admin instance of an app where judge accounts are created. In order to use this judge account, a judge instance of the app from another computer needs to authenticate with the central admin. A user instance of the app will send something to the admin, who will push it off to one of the judges.

The judges need to be able to login and authenticate with the admin. The main problem is that since every one will be on the same network and without SSL (I have no control over this) someone could sniff whatever the judge sends to the admin, and send that data himself and become authenticated as a judge.

If SSL is really the correct way to do this, then is there a way to use it without the end user having to manually do anything? I am using Socket based communication.
Rishi Shah
Ranch Hand

Joined: Sep 05, 2012
Posts: 43

I posted the "user-friendly SSL?" worry I had on StackOverflow, and got a good answer: http://stackoverflow.com/questions/12339616/java-ssl-certificate
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authenticating a password