Security against whom?
Against the local user, there is no security. He 0wns the machine and
everything running on it.
Against untrusted code, that is what the Security Manager is all about.
If the swing application is the client in a client/server setup, then
the server is what really needs to be protected. Think of the client
app as if it were just so much flash or javascript, and apply the
principles of web app security accordingly. Don't trust the client to
enforce any of the "ations": authentication, authorization,
validation. Don't store any information in the client that you don't
want to make public to everyone. Don't expect the client to protect
the server from SQL injection and similar.
On 11/14/06, Dharmesh Mehta <dharmeshmm@gmail.com> wrote:
Hi List,
I was looking into for Java Swing Application Security.
Does anybody aware of any kind of checklist or documentation available for
Java Swing Applications Security?
Thanks in advance.
Regards,
Dharmesh M Mehta
http://smartsecurity.blogspot.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even
steal. Firewalls and SSL may be commonplace but recent studies indicate
3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
Challenges in Application Security" whitepaper, explains what to do and
provides a guideline to improving your own application security.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
