Client/server security protection

Similar Messages

• White Paper: End-to-End Client/Server Security with the Adobe Flash Platform

  Today we released a sorely needed white paper on end-to-end client/server security with the Adobe Flash Platform.  This information is directly applicable to the Adobe  LiveCycle family as well as Flash RIAs. 
  http://www.slinnbooks.com/books/enterprise/securityWhitePaper.shtml
  Thank you,
  Mike
  Michael Slinn
  http://micronauticsresearch.com
  http://slinnbooks.com

  Hai,
         Delete the certificate in the ABAP system and try importing the new certificate from the EP instance(ADS) and export into the ABAP and check...
  Thanks and Regards,

• ---- Client / Server --- Security --- CDC/PP

  Hi guys,
  I have a Server / Client application using CDC/PP for WM5 Devices with IBM j9 VM. I use a Socket Connection to exchange the data, without any encrytion. The data is kinda sensible, so it can't stay that way.
  I'am a totally newb, when it comes to security,
  so How do I make my Sever/Client application secure? What tools / APIs do I need?

  You have to be listening for connections on some particular port, you can't just accept connections any old where (AFAIK). So, the IP/port number combo should work for you.

• Should i use secure sockets for my whole client/server application?

  Hi,
  I have a client server application, and I want to ensure that the login process is secure (i.e. use secure sockets). but I dont know how to switch back to a normal socket once that is done.
  So I am left thinking that i should just use SSL for my whole application, which can last pretty long. But I would rather not. Is there any other way of doing this?
  or should I just encrypt the login info using MD5 or something like that, then send it over an unsecure socket?
  thanks!

  Hey,
  Are you sure you haven't confused JGSS for JSSE?
  Imagine you have a client-server system and you sometimes want data sent over the wire to be encrypted... JGSS offers you this flexibility; if you a encrypted transmission, run ift through JGSS before transmitting it; if you don't want an encrypted transmission, bypass JGSS and just send the transmission.
  The benefit is the security (encryption) isn't hard-wired into you communications protocol i.e. TLS. JGSS has nothing to do with connections it is just protocol for securing messages, not sending them.
  You would need to establish the secure context but this could be done at startup and persist for the duration of you applicaiton invocation. You perhaps might need to implement a mechanism to identify encrypted messages on the receiving peer (so it knows to attempt decryption).
  Admittedly, kerberos seems like one of those 'inside-joke' things. I've come to realise if you don't have some sort of kerberos realm/server against which to authenticate - you need to swap it out as the underlying mechanism. How this is done I'm not sure yet, but I intend to find out today....further down the rabbit hole I go!
  If I discover anything helpful, I will let you know.
  Warm regards,
  D

• What is best way to secure client/server communication?

  Hi all, I have a question for you. What is the best method for ensuring a secure communication through a client/server stream socket implementation?
  I currently have a server that talks to several clients for various tasks. I would like to make all communication between the server and clients secure. In other words when one of my clients accepts an incoming connection I would like to verify that the server is really who they are talking with, and also that the data that is being received is indeed not tampered with.
  Is SSL the correct technology to use with this? And if so, what is the general outline of steps I need to follow to get an SSL connection? I mean do I need certificates and all that stuff?
  Thanks in advance for any help you may be able to provide.

  The more I look into SSL the more it appears it is only for web servers. My app is not web server based. Is SSL not the correct way to go on this then?

• Upload cap file by net on client card, and protect cap file. Encode cap?

  How upload cap file by internet on client card, and protect cap file. Encode cap file?
  cap file > Server (keys) --> internet --> Client Program --> JCOP10 card
  Can I use secure channel protocol ? How ?

  Thanks for response.
  Problem for me is communication between client program(computer) -> reader -> card.     
  The cap file is in Bin format.
  Transmission can by easy scanned. How to protect this step of upload process?.
  Internet is no problem.
  My English is pure, and I have problem to understand specification.
  Can I upload, install cap file encoded by Secure Channel Protocol '02' ?
  If yes, then some example, log file can help me understand how to do this and how build APDU commend. I Use my program (Delphi) to communicate with reader and card.

• Client/server ciphering

  i have a client/server application wherein each explicitly installs Sun's JCE Provider. I guess the problem is that when the client encrypts it installs a new provider and when the server receives the message and tries to decrypt, a new provider is also added in Security. Enc/Dec produces error. But in stand alone application, it is fine. I guess this is because in stand alone appliction, only one provider is installed explicitly. Can somebody help?
  Is there a way to install the provider implicitly and that the client and server shoould be using the same provider?
  is there a way to solve this problem? i am using sockets for this application.

  Your problem is simple : by using the CBC mode, you need to get an IV parameter Vector when creating the Cipher. If you don't specify this IV parameter vector, then you can't decipher the message correctly. You can either choice a IV parameter Vector or change to ECB mode ( a little less secure than CBC, but don't require a second initialisation parameter).
  I can check your code if you want, just send it at [email protected] . Can't say how long i will have to check it, but i will take a look.
  Hope this helped a little.

• Configure client side security polise for RMI

  Hi all!
  How to configure client side security if I want to use applet and RMI on the single
  computer.
  I was editing . java.policy file:
  grant {
  // added to allow RMI/JMS
  permission java.io.SerializablePermission "enableSubstitution";
  permission java.lang.RuntimePermission "setContextClassLoader";
  But I have MarshalException if I want to make a call from one
  Java VM to another.
  Regards,
  Pavel.

  Which version WLS are you using? In the latest versions of WLS 6.0 you need
  not give these extra permissions for the applets.This is taken care in the
  server itself. You can contact support for the patch.
  ..maruthi
  "Pavel" <[email protected]> wrote in message
  news:3bc7d744$[email protected]..
  >
  Hi all!
  How to configure client side security if I want to use applet and RMI onthe single
  computer.
  I was editing . java.policy file:
  grant {
  // added to allow RMI/JMS
  permission java.io.SerializablePermission "enableSubstitution";
  permission java.lang.RuntimePermission "setContextClassLoader";
  But I have MarshalException if I want to make a call from one
  Java VM to another.
  Regards,
  Pavel.

• Client/Server to Web-Based application Conversion

  Hi! Everyone,
  I have couple of questions for you guys.
  Our Client had recently upgraded Forms 4.5 to 6i to move from Client/Server based application to Web based application.
  They are using Forms Server 6i Patch Set 1, OAS 4.0.8.1, Windows NT Service Pack 5 and Oracle 7.3. They are facing the following error every now and then, when they run the forms,
  "FRM-92100: Your connection to the server was interrupted. This may be the result of a network error or a failure on the server.You will need to re-establish your session."
  Please let me know what might be causing the above error. The only problem i can think about might be Oracle 7.3. If i am right only Oracle 8 and above supports Forms 6i.
  Can anyone let me know some tips and/or techniques to upgrade Forms 4.5 to 6i. If there are any important settings/steps which we might have over looked during the upgrade, please list them.
  Any kind of help is greatly appreciated.
  Thanks,
  Jeevan Kallem
  [email protected]

  Most of the code is use with no changes at all.
  See otn.oracle.com/formsupgrade
  Regards
  Grant Ronald

• Client/server program validation - is it possible?

  I've been mulling over this problem for a few days, and am starting to wonder if it's theoretically possible to find a solution. I'm not looking for specific code, this probably won't even be implemented in Java, I'm just wondering if there is a theoretical program model that would work in this situation.
  The short version:
  Validate the data generated by a client program, without knowing the original data.
  The long version:
  This is a "profiling" system for a MMOG (Massively Multiplayer Online Game). The MMOG is an internet based client/server graphical program where each client connects to the server and they interact with each other and the virtual world. They pay a monthly fee for access to the game. My program is not affiliated with the MMOG or its makers. I have no connections inside the company and cannot expect any cooperation from them.
  The "profiling" system is also a client/server model. The client program runs in the background while the MMOG client is active. It accesses the memory of the MMOG client to retrieve information about the player's character. Then, possibly on request or maybe immediately, it sends the character data to our server.
  What I want to validate is that the character data being sent is unmodified and actually comes from the MMOG program.
  I can reasonably expect that with mild encryption and some sort of checksum or digest, the vast majority of problems can be avoided. However, I am not sure it's possible to completely secure the system.
  I assume that the user has access to and knowledge of the profiler client and the MMOG client, their assembly code, and the ability to modify them or create new programs, leveraging that knowledge. I also assume that the user does not have access to or knowledge of either of the server applications - the MMOG server or mine.
  In a worst-case scenario, there are several ways they could circumvent any security I have yet been able to think of. For instance, they could set up a fake MMOG client that had the data they wanted in memory, and let the profiler access that instead of the real thing. Or, they could rewrite the profiler to use the data they wanted and still encrypt it using whatever format I had specified.
  I have been considering using some kind of buffer overflow vulnerability or remote execution technique that would allow me to run specific parts of the client program on command, or get information by request, something that could not be anticipated prior to execution and thus could not be faked. But this seems not only insecure for the client but also not quite solid enough, depending on how it was implemented.
  Perhaps a series of apparently random validation codes, where the client does not know which one actually is doing the validation, so it must honor them all. Again, this is very conceptual and I'm sure that I'm not explaining them very well. I'm open to ideas.
  If I don't come up with anything better, I would consider relying on human error and the fact that the user will not know, at first, the relevance of some of the data being passed between client and server. In this case, I would include some kind of "security handshake" that looks like garbage to the client but actually is validated on the server end. A modified program or data file would result in an invalid handshake, alerting the server (and me) that this client was a potential problem. The client would have no idea anything had gone wrong, because they would not know what data the server was expecting to receive.
  I hope I have not confused anyone too much. I know I've confused myself....

  Yes, that is the general model for all MMOGs these days - no data that can actually affect the game is safe if loaded from the client's computer. All character and world data is sent from server to client and stored in memory. Any information that is saved to the client's computer is for reference only and not used by the game engine to determine the results of actions/events etc.
  My program accesses the MMOG client's memory while the game is running, and takes the character information from there. It does not have direct access to the MMOG server, and does not attempt to modify the data or the memory. Instead, it just encrypts it and sends it to our server, where the information is loaded into a database.
  The security issue comes into play because our database is used for ranking purposes, and if someone were to hack my program, they could send invalid data to our servers and affect the rankings unfairly.
  I'm just trying to think of a way to prevent that from happening.

• Looking for a client/server that supports multiple protocol and delivery

  Hi all, I don't know if this the right place to ask my question,here it goes.
  I am looking to develop a client-server that supports multiple protocols such as HTTP, HTTPS etc. I am looking for a framework( i don't know if that is correct or I need some kind of web-service (soap etc)) that would manage connection, security etc. I would like to like to devote most of my time in developing business objects with multiple delivery mechanism such as sending serilized java objects, xml message or soap message, or in some case JMS message as well. So I need a client server that can come in via TCP/IP or HTTP or anyother industry standard protocol and I should be able to service him with pub/sub model and also request/response model as well.
  I don't know if I had explained what I need, I would like to know what technologies I should be evaluating and which direction I should be heading... Also the server I'm developing should be free of Java constraints if needed...
  Also this service is not webbased service as now but if need arises I should have a flexibilty to make them web enabled in future. Also I would like to work with open source webservers or appservers if I need

  Inxsible wrote:I installed i3 - along with the i3status - which I still have to figure out. I am liking what I see as of now. It reminds me of wmii -- when I used it way back when. However I do not like the title bar. I would much rather prefer a 1 px border around the focused window.
  "i3 was created because wmii, our favorite window manager at the time, didn't provide some features we wanted (multi-monitor done right, for example), had some bugs, didn't progress since quite some time and wasn't easy to hack at all (source code comments/documentation completely lacking). Still, we think the wmii developers and contributors did a great job. Thank you for inspiring us to create i3. "
  To change the border of the current client, you can use bn to use the normal border (including window title), bp to use a 1-pixel border (no window title) and bb to make the client borderless. There is also bt  which will toggle the different border styles.
  Examples:
  bindsym Mod1+t bn
  bindsym Mod1+y bp
  bindsym Mod1+u bb
  or put in your config file
  new_window bb
  from: http://i3.zekjur.net/docs/userguide.html (you probably already found that by now )

• Mail Delivery System Errors and Securing/Protecting agains spam

  Good morning all.
  This morning I started recieving these:
            From:   Mail Delivery System <[email protected]>
            Subject:   [It] Postfix SMTP server: errors from imr-mb02.mx.aol.com[64.12.207.163]
            Date:   November 18, 2011 8:51:23 AM EST
            To:   Postmaster <[email protected]>
  Transcript of session follows.
  Out: 220 mail.cotaoil.com ESMTP Postfix
  In:  EHLO imr-mb02.mx.aol.com
  Out: 250-mail.cotaoil.com
  Out: 250-PIPELINING
  Out: 250-SIZE
  Out: 250-VRFY
  Out: 250-ETRN
  Out: 250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
  Out: 250-AUTH=LOGIN PLAIN CRAM-MD5 GSSAPI
  Out: 250-STARTTLS
  Out: 250-ENHANCEDSTATUSCODES
  Out: 250-8BITMIME
  Out: 250 DSN
  In:  MAIL From:<[email protected]> SIZE=3485
  Out: 250 2.1.0 Ok
  In:  RCPT To:<[email protected]> ORCPT=rfc822;[email protected]
  Out: 451 4.3.5 Server configuration error
  In:  DATA
  Out: 554 5.5.1 Error: no valid recipients
  In:  RSET
  Out: 250 2.0.0 Ok
  In:  QUIT
  Out: 221 2.0.0 Bye
  How this started:
  Over the past couple of days to approx a week, I have seen a massive influx of Spam on our server.  Spam coming in on random ex employee names that no longer work for the company.
  Previous to the spam, I turned on "forward un-deliverable mail to" and set to me.  The CEO was missing emails because people were not spelling his name correctly.  I have actually been able tyo catch a lot of employee emails some important, others not.
  In trying to make the mail server more secure, one of the features I tried to turn on was SMTP Client Restrictions, Which broke SMTP for my users.  Obviously the error is mine and I need to do more research, but love some feedback on what needs to be set on the server and clients for SMTP client restrictions to work.
  I know THE HOFF (mr hoffman) had information at some point to help users secure postfix, can anyone point me in the right direction, as well as any tips here on how to stop the influx of spam?
  pstconf -n is here:
  alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
  biff = no
  body_checks = regexp:/etc/postfix/body_checks
  broken_sasl_auth_clients = yes
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debug_peer_level = 2
  enable_server_options = yes
  header_checks = pcre:/etc/postfix/custom_header_checks
  html_directory = /usr/share/doc/postfix/html
  inet_interfaces = all
  local_recipient_maps =
  mail_owner = _postfix
  mailbox_size_limit = 0
  mailbox_transport = dovecot
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  maps_rbl_domains =
  maximal_queue_lifetime = 2d
  message_size_limit = 0
  mydestination = $myhostname, localhost.$mydomain, localhost, mail.cotaoil.com, cotaoil.com, $mydomain
  mydomain = mail.cotaoil.com
  mydomain_fallback = localhost
  myhostname = mail.cotaoil.com
  mynetworks = 127.0.0.0/8,192.1.1.10,192.1.1.11
  newaliases_path = /usr/bin/newaliases
  owner_request_special = no
  queue_directory = /private/var/spool/imap/dovecot/mail
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtp_sasl_password_maps =
  smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr reject_rbl_client zen.spamhaus.org permit
  smtpd_enforce_tls = no
  smtpd_helo_required = yes
  smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
  smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
  smtpd_recipient_restrictions = permit_sasl_authenticated  permit_mynetworks   reject_unknown_recipient_domain  reject_unknown_sender_domain  reject_invalid_hostname  reject_unauth_destination check_policy_service unix:private/policy permit
  smtpd_sasl_auth_enable = yes
  smtpd_tls_CAfile = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.cha in.pem
  smtpd_tls_cert_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.cer t.pem
  smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
  smtpd_tls_key_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.key .pem
  smtpd_tls_loglevel = 0
  smtpd_use_pw_server = yes
  smtpd_use_tls = yes
  tls_random_source = dev:/dev/urandom
  unknown_local_recipient_reject_code = 550
  virtual_alias_maps =
  mail:~ administrator$

  I am not certain what you mean by immediately removing the 192.1.1.10 and 192.1.1.11, AIX servers that I use to relay admin emails to an IT address here.  Some sort of a gateway implemented on a pair of IBM boxes, I might presume. 
  192.1.1.0/24 is in a public address space that you don't have assigned (unless you're BBN).  If that IP routing leaks out, then some folks can get cranky.  Or should you eventially need to contact hosts within the address space of the "real" occupants of 192.1.1.0/24, routing won't necessarilt play nice.  There may well be a static IP route here, depending on the details of the router configuration, as otherwise that IP traffic would be going to BBN and not to those servers.  The Internet works because folks play by the rules, when working with IP routing and DNS services.  And if your predecessor used this address space (and not the likely 192.168.0.0/16 block), I'd look around to see if there were other unusual network configuration choices.
  TCP port 25 is the server-to-server mail port.  That's the main connection used among mail servers.  Blocking that has the effect that you've discovered.
  It's the clients that can also use that port that need to be relocated off the port, as the clients don't have the reverse DNS and related tests that would allow them access to that port, with various common server security configurations.
  Open TCP 587 at the firewall and ensure that this port is active at the mail server host, as a starting point.  You can test that with (among other tools) with a remote "telnet your.mail.server.host.name 587" command or similar; that's a primitive (but effective) (common) port test.
  With the Apple Mail client, make sure the SMTP server is configured to use the default SMTP ports.  Mail > Preferences > Account > Account Information > Edit SMTP Server > select the target SMTP server > Advanced > select "use the default ports (25, 465, 587)" and consider using SSL and authentication.  (Apple Mail tries a few ports automatically, so the set-up can be different than other clients.)
  I don't have enough space here for a full write-up on how mail or IP works, and setting up an arbitrary mail client or an IP network can be an adventure; I assumed the Apple mail client in the above.  See the user collaboration services disscussion of mail services in the Mac OS X Server Advanced Administration manual as some background.  (And if this stuff all looks a little cryptic, that's understandable, and you might want to consider getting some set-up help or consider moving to hosted mail services and making this stuff somebody else's problem.)

• Client/server

  Hi, i am doing a client/server arc .I have a server , that will connected to the oracle , using jdbc.The client here is an application, how do i change it to applet?
  The server code
  import java.sql.*;
  import java.util.Properties;
  import java.io.*;
  import java.net.*;
  public class CommentsServer extends Thread {
  public static final int DEFAULT_PORT = 7777;
  protected int port;
  protected ServerSocket server;
  String username ="combtest";
  String password = "combtest";
  public static void main (String args[]) {
  int port=0;
  if (args.length == 1) {
  try {
  port = Integer.parseInt (args[0]);
  } catch (NumberFormatException e) { }
  try {
       Class.forName("oracle.jdbc.driver.OracleDriver");
  String sourceURL ="jdbc:oracle:thin:@klm:1521:KLMPMIS";
  String user="combtest";
  String password="combtest";
  catch (Exception e) {
  System.err.println("Failed to load JDBC driver.");
  System.exit (1);
  new CommentsServer (port);
  public CommentsServer (int port) {
  super ("Comments Server");
  if (port == 0)
  port = DEFAULT_PORT;
  this.port = port;
  try {
  server = new ServerSocket (port);
  } catch (IOException e) {
  System.err.println ("Error creating server");
  System.exit (1);
  start();
  public void run() {
  System.out.println ("Server Running");
  ThreadGroup connections = new ThreadGroup ("Comment Connections");
  connections.setMaxPriority(this.getPriority()-1);
  try {
  while (true) {
  Socket client = server.accept();
  System.out.println ("Connection from: " + client.getInetAddress().getHostName());
  CommentsConnection c = new CommentsConnection (connections, client);
  } catch (IOException e) {
  System.err.println ("Exception listening");
  System.exit (1);
  System.exit (0);
  class CommentsConnection extends Thread {
  static int counter = 0;
  protected ObjectInputStream in;
  protected PrintWriter out;
  public CommentsConnection (ThreadGroup group, Socket client) {
  super (group, "Connection " + counter++);
  try {
  in = new ObjectInputStream (client.getInputStream ());
  out = new PrintWriter (client.getOutputStream(), true);
  } catch (IOException e) {
  try {
  client.close();
  } catch (IOException e2) { }
  System.err.println ("Unable to connect.");
  return;
  start();
  public void run () {
  try {
  String mode = (String)in.readObject();
  if (mode.equals("insert")) {
       String name=(String)in.readObject();
  try {
       String u="jdbc:oracle:thin:@klm:1521:KLMPMIS";
       Connection con=DriverManager.getConnection(u,"combtest","combtest");
       PreparedStatement prep=con.prepareStatement("Insert into TEST values(?)");
       prep.setString(1,name);
       if(prep.executeUpdate()!=1)
       throw new Exception("Bad update");
  } catch (Exception e) {
  out.println ("Error updating: " + e);
  return;
  } else if (mode.equals("query")) {
  try {
       Connection con=DriverManager.getConnection("jdbc:oracle:thin:@klmsph1:1521:KLMPMIS","combtest","combtest");
  Statement statement=con.createStatement();
  ResultSet result=statement.executeQuery("SELECT * FROM TEST");
  out.println("Name");
  int nameCol=result.findColumn("NAME");
  String name,user,comments;
  while(result.next())
       name=result.getString(nameCol);
       out.println(name);
  statement.close();
  con.close();
  } catch (Exception e) {
  out.println ("Error querying: " + e);
  return;
  } else {
  out.println ("Invalid Command: " + mode);
  } catch (Exception e) {
  out.println ("Error reading Stream: " + e);
  out.close();
  the client code
  import java.net.*;
  import java.io.*;
  import javax.swing.*;
  import java.awt.*;
  import java.awt.event.*;
  public class CommentsClient extends JApplet{
  TextArea ta;
  TextField name;     
  public static final int DEFAULT_PORT = 7777;
  private static final String QueryString = "query";
  private static final String InsertString = "insert";
  private int port = 0;
  private String host = null;
  private OutputStream os = null;
  public CommentsClient (String host, int port, OutputStream os) {
  this.host = host;
  this.port = ((port == 0) ? DEFAULT_PORT : port);
  this.os = os;
  query();
  public CommentsClient (String host, int port, OutputStream os,
  String name) {
  this.host = host;
  this.port = ((port == 0) ? DEFAULT_PORT : port);
  this.os = os;
  insert(name);
  private void query () {
  PrintWriter out = new PrintWriter (os, true);
  try {
  Socket s = new Socket (host, port);
  ObjectOutputStream oos = new ObjectOutputStream (s.getOutputStream());
  // PrintWriter out=new PrintWriter(s.getOutputStream(),true);
  oos.writeObject (QueryString);
  oos.flush();
  BufferedReader in = new BufferedReader (new InputStreamReader (s.getInputStream()));
  String line;
  while ((line = in.readLine()) != null) {
  out.println (line);
  out.close();
  s.close();
  } catch (IOException e) {
  out.println ("Error querying." + e);
  return;
  private void insert (String name) {
  PrintWriter out = new PrintWriter (os, true);
  try {
  Socket s = new Socket (host, port);
  ObjectOutputStream oos = new ObjectOutputStream (s.getOutputStream());
  oos.writeObject (InsertString);
  oos.writeObject (name);
  oos.flush();
  BufferedReader in = new BufferedReader (new InputStreamReader (s.getInputStream()));
  String line;
  while ((line = in.readLine()) != null) {
  out.println (line);
  oos.close();
  s.close();
  } catch (IOException e) {
  out.println ("Error inserting." + e);
  return;
  public static void main (String args[]) {
  if (args.length == 0) {
  CommentsClient cc = new CommentsClient ("localhost", 0, System.out);
  } else if (args.length == 1) {
  CommentsClient cc = new CommentsClient ("localhost", 0, System.out, args[0]);
  the applet (acts as an interface)
  import java.awt.*;
  import java.awt.event.*;
  import java.applet.Applet;
  import java.io.*;
  //<applet code = "CommentsApplet" width = 800 height = 600>
  //</applet>
  public class CommentsApplet extends Applet {
  TextArea ta;
  TextField name;
  TextField user;
  TextField comments;
  public void init () {
  Panel p1 = new Panel(new BorderLayout(10, 10));
  Button b1 = new Button ("Query");
  p1.add (b1, BorderLayout.SOUTH);
  ta = new TextArea ();
  ta.setEditable(false);
  p1.add (ta, BorderLayout.CENTER);
  b1.addActionListener (new ActionListener() {
  public void actionPerformed (ActionEvent e) {
  ByteArrayOutputStream bao = new ByteArrayOutputStream();
  CommentsClient cc = new CommentsClient ("localhost", 0, bao);
  ta.setText (bao.toString());
  add (p1);
  Panel p2 = new Panel (new BorderLayout (10, 10));
  Button b2 = new Button ("Insert");
  p2.add (b2, BorderLayout.SOUTH);
  Panel p3 = new Panel();
  name = new TextField ("", 10);
  p3.add (name);
  p2.add (p3, BorderLayout.CENTER);
  b2.addActionListener (new ActionListener() {
  public void actionPerformed (ActionEvent e) {
  ByteArrayOutputStream bao = new ByteArrayOutputStream();
  CommentsClient cc = new CommentsClient ("localhost", 0, bao, name.getText());
  ta.setText (bao.toString());
  add (p2);
  the html file
  <html>
  <body>
  <hr>
  <applet
  code=CommentsApplet.class
  width = 400
  height = 400
  >
  </applet>
  <hr>
  </body>
  </html>
  Thanks in advance,
  Jessy

  hi
  I have no idea what you are doing. Strange programming
  public class CommentsClient extends JApplet why does it extends JApplet when it isn't a JApplet but an application
  and why is there a second applet
  public class CommentsApplet extends Applet (should this be extends JPanel??)
  but for normal classes this is the procedure
  rename the constructor in "public void init()" the method init is automaticly called by the browser.
  remove the main method if there is some code in the main method that needed move it to the init method. ( in your case the arguments can't be read from the command line but must be read out of the *.html file )

• How to validate a server in client-server application

  I am considering a client server application for a masters project. One of the core requirements for this application would be to ensure that the server could not be replaced. This would be easy to do using public/private keys. The client creates a message and encrypts using servers public key, then sends to the server. The server decrypts, processes, creates response, and encrypts using its private key. This works, however the public and private keys need to be in the source code. It looks like keystores may fix that problem, however the password to the key store would then be required. For this application to be usefull, I need to find a way to embed a password or encryption key in a .classfile in a way that it can not be retrieved by decompiling or parsing for strings. Anyone have ideas on how this could be done, or a different method I could use to guarantee that the response coming from a server process is from my server program and not a fake program?

  More detail. The program is a network license server (not web based). We need a simple license server for internal use, so that we can track usage and limit concurrent users for custom software. We also need some security so that people can not take the software home and use it. We have looked at commercial applications, however they are very expensive and we can not justify the cost since this is for internal software. There are 3 main pieces to a license server, the client libraries, the server, and the key generator. For the license server to be usefull, it should be impossible (or very very difficult) for someone to generate their own keys and add them to the license server. It should also be very difficult for them to create a fake license server that will grant licenses to clients without needing keys. If public/private key encryption is used, then the client would need to know the servers public key and their private key. These keys would need to be compiled into the program, stored in a key store, or looked up at run time from some other resource. The server would need to know its private key, and the clients public key. Since this is internal software, we can limit access to the server software, so it would be ok to compile the keys into the code (not ideal but secure enough for out use). However if I use this program as my Masters project, I would need to figure out a better way to secure it. The generic problem is how to give someone two programs that talk to each other, and be able to ensure that they do not fake one of the programs?

• FU Ant task failure: java.util.concurrent.ExecutionException: could not close client/server socket

  We sometimes see this failure intermitently when using the FlexUnit Ant task to run tests in a CI environment. The Ant task throws this exception:
  java.util.concurrent.ExecutionException: could not close client/server socket
  I have seen this for a while now, and still see it with the latest 4.1 RC versions.
  Here is the console output seen along with the above exception:
  FlexUnit player target: flash
  Validating task attributes ...
  Generating default values ...
  Using default working dir [C:\DJTE\commons.formatter_swc\d3flxcmn32\extracted\Source\Flex]
  Using the following settings for the test run:
  FLEX_HOME: [C:\dev\vert-d3flxcmn32\302100.41.0.20110323122739_d3flxcmn32]
  haltonfailure: [false]
  headless: [false]
  display: [99]
  localTrusted: [true]
  player: [flash]
  port: [1024]
  swf: [C:\DJTE\commons.formatter_swc\d3flxcmn32\extracted\build\commons.formatter.tests.unit.sw f]
  timeout: [1800000ms]
  toDir: [C:\DJTE\commons.formatter_swc\d3flxcmn32\reports\xml]
  Setting up server process ...
  Entry  [C:\DJTE\commons.formatter_swc\d3flxcmn32\extracted\build] already  available in local trust file at  [C:\Users\user\AppData\Roaming\Macromedia\Flash  Player\#Security\FlashPlayerTrust\flexUnit.cfg].
  Executing 'rundll32' with arguments:
  'url.dll,FileProtocolHandler'
  'C:\DJTE\commons.formatter_swc\d3flxcmn32\extracted\build\commons.formatter.tests.unit.swf '
  The ' characters around the executable and arguments are
  not part of the command.
  Starting server ...
  Opening server socket on port [1024].
  Waiting for client connection ...
  Client connected.
  Setting inbound buffer size to [262144] bytes.
  Receiving data ...
  Sending acknowledgement to player to start sending test data ...
  Stopping server ...
  End of test data reached, sending acknowledgement to player ...
  When the problem occurs, it is not always during the running of any particular test (that I am aware of). Recent runs where this failure was seen had the following number of tests executed (note: the total number that should be run is 45677): 18021, 18, 229.
  Here is a "good" run when the problem does not occur:
  Setting inbound buffer size to [262144] bytes.
  Receiving data ...
  Sending acknowledgement to player to start sending test data ...
  Stopping server ...
  End of test data reached, sending acknowledgement to player ...
  Closing client connection ...
  Closing server on port [1024] ...
  Analyzing reports ...
  Suite: com.formatters.help.TestGeographicSiteUrls
  Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 sec
  Suite: com.formatters.functionalUnitTest.testCases.TestNumericUDF
  Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.071 sec
  Results :
  Tests run: 45,677, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 201.186 sec
  Has anyone else ran across this problem?
  Thanks,
  Trevor

  I am not sure if this information will help everyone, but here goes...
  For us, these problems with FlexUnit tests crashing the Flash Player appear to be related to couple of factors. Recently, we moved up from Flex 3.2 to Flex 4.1 as our development baseline.  Many people complained that their development environment (Flash Builder, etc.) was much more unstable.  Apparently, 4.1 produces SWFs that require more memory to run than 3.2 does?  Anyway, we still had Flash Player 10.1 as our runtime baseline.  Apparently, that version of the player was not as capable of running larger FlexUnit test SWFs, and would crash (as I posted months earlier).  I upgraded to the latest 10.3 standalone player versions, and the crashes have now ceased.  It would be nice to know exactly what was causing the crashes, but memory management (or lack of) is my best guess.
  So, if you are seeing these issues, try upgrading to the latest Flash Player version.
  Regards,
  Trevor