geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tero Mäntyvaara <term...@gmail.com>
Subject Re: Secure connection between EJB client and server
Date Mon, 06 Mar 2006 22:53:51 GMT
I meant item 2. I think that this could be done with JSSE (
http://java.sun.com/products/jsse/index.jsp ), because it provides
alternative to RMI socket.

I think this item 3 can be found from most J2EE distribution? Is it
implementation of JAAS?

I would be most thankful if you add these features to big G ;-)


Tero Mäntyvaara

David Blevins wrote:
> This is something we could potentially add.
> 
> How far down the security hole do you need to go?
>  1. Prevent tempering (secure hash of args/return values)
>  2. Prevent reading (encryption)
>  3. Proving client identity (mutual auth)
> 
> I'm guessing 2, but throwing out the other options.
> 
> -David
> 
> 
> On Mar 6, 2006, at 11:30 AM, Tero Mäntyvaara wrote:
> 
>> Hi!
>>
>> I am searching Java Enterprise Edition server capable of securing
>> communication between EJB client and server.
>>
>> I found that Geronimo 1.0 doumentation mentions that it does not support
>> secure connection between EJB client and server "Currently secure
>> access to EJBs is not supported" (9.6. Configuring SSL/HTTPS).
>>
>> When this feature is going to be supported?
>>
>> Tero Mäntyvaara
>>
>>
> 
> 


Mime
View raw message