river-dev mailing list archives

From Peter <j...@zeus.net.au>
Subject Re: SSL Secure Endpoints never fully utilised by River services
Date Sat, 21 Apr 2018 06:06:38 GMT
To be more accurate it limits the call backs to anon client connections, 
which is vulnerable to man in the middle attacks.

The way to fix this is to ensure the login context is preserved and 
utilised when making call backs.

On 21/04/2018 9:57 AM, Peter wrote:
> It's clear to me now that the Jini team never fully completed the 
> integration of JERI with Jini.
>
> The evidence: call backs to event listeners are not run with the 
> service's logged-in subject; this prevents secure endpoints from 
> establishing connections for call backs.
>
> I have rectified this in my local code and am running tests.
>
> Just thought you might be interested to know.
>
> Regards,
>
> Peter.
>
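
The fix described in this message, shown as an added example (not Peter's code and not from the River code base): a callback dispatched from a pool thread carries no Subject unless the service's logged-in Subject is kept and applied with `Subject.doAs`. `Listener`, `EventDispatcher` and `currentIdentity` are hypothetical names, the Subject is constructed inline rather than obtained from a `LoginContext`, and the JAAS calls assume Java 8 to 17.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class CallbackSubjectDemo {
    /** Hypothetical stand-in for a remote event listener proxy. */
    interface Listener { String notifyEvent(String event); }

    /** Reports the Subject bound to the calling thread, as a secure endpoint would see it. */
    static String currentIdentity() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "anonymous" : s.getPrincipals().toString();
    }

    /** Hypothetical dispatcher: keeps the service's logged-in Subject for later callbacks. */
    static final class EventDispatcher {
        private final Subject serviceSubject;
        private final ExecutorService pool;
        EventDispatcher(Subject s, ExecutorService p) { serviceSubject = s; pool = p; }

        /** Callback on a pool thread with no Subject: the connection would be anonymous. */
        String dispatchWithoutSubject(Listener l, String ev) throws Exception {
            return pool.submit(() -> l.notifyEvent(ev)).get();
        }
        /** Callback wrapped in Subject.doAs so the service's identity is in effect. */
        String dispatchAsService(Listener l, String ev) throws Exception {
            return pool.submit(() -> Subject.doAs(serviceSubject,
                    (PrivilegedAction<String>) () -> l.notifyEvent(ev))).get();
        }
    }

    public static void main(String[] args) throws Exception {
        // The pool thread is created outside any login context.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        // Constructed Subject; a real service would take it from LoginContext.getSubject().
        Subject svc = new Subject(true,
                Collections.singleton(new X500Principal("CN=ExampleService")),
                Collections.emptySet(), Collections.emptySet());
        EventDispatcher d = new EventDispatcher(svc, pool);
        Listener l = ev -> ev + " delivered as " + currentIdentity();
        System.out.println(d.dispatchWithoutSubject(l, "event-1"));
        System.out.println(d.dispatchAsService(l, "event-2"));
        pool.shutdown();
    }
}
```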

