AppletTalk.com Java discussions newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Prevent JAR file from modification          AppletTalk.com Forum Index -> Security and Java View previous topic :: View next topic   Author Message Thomas Duehrsen Guest Posted: Thu Nov 11, 2004 4:50 pm    Post subject: Prevent JAR file from modification Hi we want to deploy a web archive (*.war file) or just jar files to our customers. We do all customer specific modifications to the included XML configuration files before deployment and want to prevent the customers from changing any configurable parameters. How can this be achieved? I was thuinking of using jarsigner, but don't see how i can force a webserver to load only jarfiles which were signed by my company. Thanks Thomas Back to top Juha Laiho Guest Posted: Thu Nov 11, 2004 8:10 pm    Post subject: Re: Prevent JAR file from modification [email]thomas.duehrsen (AT) sicap (DOT) com[/email] (Thomas Duehrsen) said: Quote: we want to deploy a web archive (*.war file) or just jar files to our customers. We do all customer specific modifications to the included XML configuration files before deployment and want to prevent the customers from changing any configurable parameters. How can this be achieved? You book a meeting with your lawyer and design a contract that prohibits your customer from modifying the files. And hope that your local laws don't invalidate such contracts. -- Wolf a.k.a. Juha Laiho Espoo, Finland (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++ "...cancel my subscription to the resurrection!" (Jim Morrison) Back to top steve Guest Posted: Sun Nov 14, 2004 1:07 am    Post subject: Re: Prevent JAR file from modification On Fri, 12 Nov 2004 04:10:31 +0800, Juha Laiho wrote (in article <cn0gvn$hk8$3 (AT) ichaos (DOT) ichaos-int>): Quote: thomas.duehrsen (AT) sicap (DOT) com (Thomas Duehrsen) said: we want to deploy a web archive (*.war file) or just jar files to our customers. We do all customer specific modifications to the included XML configuration files before deployment and want to prevent the customers from changing any configurable parameters. How can this be achieved? You book a meeting with your lawyer and design a contract that prohibits your customer from modifying the files. And hope that your local laws don't invalidate such contracts. if you don't know , don't reply idiot. ************* pack your config up into a class file. calculate the mnd5 checksum on the classes,( store them in the them manifest file , then implement a security loader. you could go as far as encoding the routines with a private key then issue a public key in the classfiles for deployment. Back to top Adam Guillot Guest Posted: Sun Nov 14, 2004 9:36 am    Post subject: Re: Prevent JAR file from modification steve wrote: Quote: On Fri, 12 Nov 2004 04:10:31 +0800, Juha Laiho wrote (in article <cn0gvn$hk8$3 (AT) ichaos (DOT) ichaos-int>): [email]thomas.duehrsen (AT) sicap (DOT) com[/email] (Thomas Duehrsen) said: we want to deploy a web archive (*.war file) or just jar files to our customers. We do all customer specific modifications to the included XML configuration files before deployment and want to prevent the customers from changing any configurable parameters. How can this be achieved? You book a meeting with your lawyer and design a contract that prohibits your customer from modifying the files. And hope that your local laws don't invalidate such contracts. if you don't know , don't reply idiot. ************* pack your config up into a class file. calculate the mnd5 checksum on the classes,( store them in the them manifest file , then implement a security loader. you could go as far as encoding the routines with a private key then issue a public key in the classfiles for deployment. md5 is good but put the md5 sum's somewhere the customer cant change it (like on a web server on the internet) Back to top Ferenc Hechler Guest Posted: Sun Nov 14, 2004 7:10 pm    Post subject: Re: Prevent JAR file from modification You can use signatures in the manifest file and use an Security Manager. http://java.sun.com/j2se/1.4.2/docs/guide/jar/jar.html#Signed%20JAR%20File for example mailapi.jar uses this. bye, feri Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         AppletTalk.com Forum Index -> Security and Java All times are GMT Page 1 of 1   Jump to: Select a forum Java Newsgroups----------------Java DiscussionsWeb-based java games comp.lang.java 3D Graphics API's for Java Java: Support and criticism Java System Announcements comp.lang.java.api JavaBeans Java and CORBA Java and Databases comp.lang.java.developer Java GUI Toolkits Java Help comp.lang.java.javascript JVM, native methods and hardware comp.lang.java.misc Java Language Programming Security and Java comp.lang.java.setup Java Software Tools comp.lang.java.tech ibm.software.java.linux  Non-English Java Newsgroups----------------Java Language (German)Language Java (Français)Java (Italian)  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.