Https / Security Question

I made an applet which connects to an https server. I want to ensure that a rogue applet cannot call the servlet the same way my real applet can. If a rogue applet could get in, I would have to write additional code to perform login authentication before executing the remainder of the servlet.
I was wondering if the login authentication is necessary or not because maybe the HttpsURLConnection is satisfactory enough to prevent unauthenticated calls???
I have the following code demonstration below.
APPLET
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.HostnameVerifier;
import java.net.URL;
import java.net.HttpURLConnection;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;
import java.util.TreeMap;
import java.util.Iterator;
public class AppletTest {
   public final static void main( String[] args ) {
      try {
         final Object[] oArr = new Object[]{"paramForServletA", "paramForServletB"};
   //    final URL url = new URL( "http://localhost/servletPath/MyServlet" );
   //    final HttpURLConnection servletConnection = ( HttpURLConnection ) url.openConnection();
         final URL url = new URL( "https://mySite.com/servletPath/MyServlet" );
         final HttpsURLConnection servletConnection = ( HttpsURLConnection ) url.openConnection();
         servletConnection.setHostnameVerifier(
            new HostnameVerifier() {
               public boolean verify( final String urlHost, final SSLSession ssls ) {
                 return true;
         servletConnection.setDoInput( true );
         servletConnection.setDoOutput( true );
         servletConnection.setUseCaches( false );
         servletConnection.setDefaultUseCaches( false );
         servletConnection.setRequestProperty( "Content-type", "application/octet-stream" );
         // Read the object to the servlet
         final ObjectOutputStream outputToServlet = new ObjectOutputStream( servletConnection.getOutputStream() );
         outputToServlet.writeObject( oArr );
         outputToServlet.flush();
         outputToServlet.close();
         // Read the input from the servlet.
         final ObjectInputStream inputFromServlet = new ObjectInputStream( servletConnection.getInputStream() );
         final Object result = inputFromServlet.readObject();
         inputFromServlet.close();
         System.out.println( "Data: " +(String)result );
      catch ( Exception e ) {
         System.out.println( "Could not establish Connection : " + e.toString() );
}SERVLET
public final class MyServlet extends HttpServlet {
   public void doPost( HttpServletRequest request, HttpServletResponse response ){
     ObjectInputStream inputFromApplet = new ObjectInputStream( request.getInputStream() );
     Object[] args = ( Object[] ) inputFromApplet.readObject();
     //etc...
     ObjectOutputStream outputToApplet = new ObjectOutputStream( response.getOutputStream() );
     outputToApplet.writeObject( data );
     outputToApplet.flush();
     outputToApplet.close();
}If I call this with a HttpURLConnection I can see the data returned, which is bad since I may be a rogue applet. If I call it with an HttpsURLConnection I get the following message:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate foundIs the HttpsUrlConnection good enough, or should additional measures be taken?

Authentication via HTTPS might involve putting a
certificate on the client where your applet is
running.Are you saying a signed applet? Or is this a
completely different thing?Completely different thing. When you install SSL on your server, you get a certificate from Verisign or somebody else in the trust business, and the idea is that the certificate verifies to your client, via SSL, that your server is really your server and not some other pirate box pretending to be your server.
Likewise you could install a certificate on your client. That certificate would then verify to you that your client was really your client and not some other pirate box. Client certificates aren't used much, because it's a hassle to create them and get them installed on your client, but they do exist.

Similar Messages

  • My iPad wont let me download apps bc security questions, but when I try to make them it freezes

    Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it

    The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.

  • My old email account was disabled and I can't remember my password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my information because I can't answer the security questions correctly...

    My old email account is disabled and I can't remember my itunes password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my account information because I can't answer the security questions correctly...

    ➡ https://iforgot.apple.com/

  • How can you change your security question for I tunes?

    How can you change your security question for I tunes?

    If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then the steps half-way down this page give you a reset link on your account : http://support.apple.com/kb/HT5312
    If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/kb/HT5699
    When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 link above to add a rescue email address for potential future use

  • I've forgot my answers for security questions. Can't you reset them or do something like this?

    I have bought a new iphone 5s a week ago. Today I wanted to purchase an app. And the security system asked me for an answer for my security questions.  But I don't remember them. What should I do?

    Frequently asked questions about Apple ID - http://support.apple.com/kb/HE37 --> Can I change the answers to the security questions for my Apple ID?  --> Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID (http://appleid.apple.com/) and click Manage your account.
    Some Solutions for Resetting Forgotten Security Questions - https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions - http://support.apple.com/kb/ht5312 - "If you can't recall your Apple ID security questions and answers, the optional rescue email provides a way to reset them. Additionally, all future security-related emails for your Apple ID will be sent to the rescue email address."
    Jan 2014 post about contacting Apple to reset security questions - https://discussions.apple.com/message/24543247 and https://discussions.apple.com/message/24671039
    If you can't remember them over the space of a week you had better write them down.

  • HT2204 I don't remember the answers to the security question to authorize my new laptop to use iTunes. How to sort this problem?

    iTunes requires me to answer to a couple of security questions to authorize me to use it on my new mac book pro, but I don't rimember the answer to them. I can I sort out this problem?
    Thank you for helping...
    Danila63

     Account Security Team (AST) 
    Check the AppleCare number for your country here:
    http://support.apple.com/kb/HE57
    Call them up, and let them know you would like to be transferred to the Account Security Team.

  • How do you change your rescue email address if it's wrong and you need to update your security questions for your Apple I'D?

    When downloading apps I am asked for my apple ID which works but I can't get past the security questions. Then when I ask to reset the questions it sends an email to a rescue email address that no longer exists. Does anybody know where I can reset this email address?

    On your computer or safari on your iOS device navigate to:
              For Canada - https://appleid.apple.com/ca.
              For United States - https://appleid.apple.com/us/.
    Click the "Manage your Apple ID" button, and sign in to your iCloud account.  Once in, on the left side select "Password and Security", and this will populate our options on the right side.  You should see an option to reset your security questions. 
    Also see this article - http://support.apple.com/kb/HT5312. 
    If for any reason you can not reset these security questions, or get an error, then you may need to contact Apple directly at 1 800 692 7753.  Explain the issue, and they can get your to a "Account Security" agent, who will be able to verify your identity, and assist in resetting the security questions.

  • I forgot my security question. how can i change it?

    im trying to buy an app on my iphone and its asking me my security question but i forgot them and now its saying im apple ID is locked and unable to purchase

    http://support.apple.com/kb/HT5312
    -If you established a rescue email address, there will be a link on the "Passwords & Security" page of id.apple.com.  Clicking the link will send the reset to your rescue email address (NOTE:  This is not the same address as your Apple ID email)
    -If there is no link on the page, then you didn't establish a rescue email address.  Contact AppleCare at 800.694.7466 (If you are in the US), and ask for account security.  You will need to answer some questions to verify your identity, AND you will need access to a computer to generate a temporary support pin.
    -If you are not in the US, click http://support.apple.com/kb/HT5699 - Apple ID: Contacting Apple for help with Apple ID account security
    HTH

  • To download an App the 3 security questions are required. But at the end, apple is not able to complete the task and gives an error message. No more downloads are possible. What can I do?

    to download an App the 3 security questions are required. But at the end, apple is not able to complete the task and gives an error message. No more downloads are possible. What can I do?

    Very Important, how much Free Space is on your Hard Drive first of all? Click on the Macintosh HD on the Desktop, then do a Get Info on it.
    Could be many things, we should start with this...
    "Try Disk Utility
    1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
    2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
    *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
    3. Click the First Aid tab.
    4. Select your Mac OS X volume.
    5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
    http://docs.info.apple.com/article.html?artnum=106214
    Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
    (Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
    If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.
    Do they launch OK while in Safe Mode?

  • My ipod wont let me buy apps etc... keeps saying this is the first time this device has been used and to sign in and answer security questions. I have had this account for years but cant remember the answer to the security questions. How can i fix it?

    My iPod touch wont let me buy anything, i've beem using this account for a couple of years and now it says that this is the first ime this id has been used on my device... it's not.... and to sign in and answer security questions. i cant remember the answers to the questions. How can i fix this without making a new account and losing all my stuff???

    From a Kappy  post
    The Three Best Alternatives for Security Questions and Rescue Mail
       1. Use Apple's Express Lane.
    Go to https://expresslane.apple.com ; click 'See all products and services' at the
    bottom of the page. In the next page click 'More Products and Services, then
    'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
    ID security questions' and click 'Continue'. Please be patient waiting for the return
    phone call. It will come in time depending on how heavily the servers are being hit.
    2.  Call Apple Support in your country: Customer Service: Contact Apple support.
    3.  Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • My new iphone 5 wont let me download music or apps i have to answer 2 security questions i dont remember my answers is been so long how do i get past this to get my music

    my new iphone 5 wont let me download music of apps i have to answer 2 security questions its been so long since i have used these i dont remember the answers how can i get past this to download?

    In order to get those to work you will have to upgrade to Snow Leopard 10.6.8.
    Start by checking if you can run Snow Leopard:
    Requirements for OS X 10.6 'Snow Leopard'
    http://support.apple.com/kb/SP575
    The OS 10.6 Snow Leopard install DVD is available for $19.99 from the Apple Store:
    http://store.apple.com/us/product/MC573/mac-os-x-106-snow-leopard
    and in the UK:
    http://store.apple.com/uk/product/MC573/mac-os-x-106-snow-leopard
    but nobody knows for how long it will be available.
    When you have installed it, run Software Update to download and install the latest updates for Snow Leopard, preferably the full 10.6.8 combo updater.

  • Trying to download mountain lion, but when I try to download it, asks me security questions I dont remember the answers to, so I reset the questions, but old ones still pop up when I try to download mountain lion.  How do I change the questions for good?

    I dont get why it asks me for my password and two security questions when just buying something from the app store, but the questions wont change.

    The Three Best Alternatives for Security Questions and Rescue Mail
        1. Use Apple's Express Lane.
              Go to https://expresslane.apple.com ; click 'See all products and services' at the
              bottom of the page. In the next page click 'More Products and Services, then
              'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
              ID security questions' and click 'Continue'. Please be patient waiting for the return
              phone call. It will come in time depending on how heavily the servers are being hit.
         2.  Call Apple Support in your country: Customer Service: Contact Apple support.
         3.  Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • I have an iPod 5th generation and it is my second iPod but when I try to buy a song it says I need to answer security questions but they are ones I don't recognize or know the awnser to!! Help!!

    My second iPod is a 5th generation and when I try to buy something it says it needs make sure I am who I say I am and it makes me answer security questions. But the problem is I don't know the answers to them. I did not choose them. And if I can't find an answer I can't buy anything!!! Help!!!!

    You need to log in to your Apple ID and change you security questions.  Take a look at this link, http://www.apple.com/support/appleid/

  • My ipad wont let me buy any thing i have about 26 dollars and it says i need to confirm my account with security questions that i for got is there a way to change them?

    i have 26 dollars and want to buy an app for .99 it says i need to answer security questions but i for got the answers am i able to reset those questions or i can't

    If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then the steps half-way down this page give you a reset link on your account : http://support.apple.com/kb/HT5312
    If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/kb/HT5699
    When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 link above to add a rescue email address for potential future use

  • HT201363 I've changed my security questions, but when I try to make a purchase it still asks for my OLD questions ?

    ive changed my security questions but when I try to make a purchase it still asks me to enter my old questions.. Why is that ?

    The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.

Maybe you are looking for

  • Qs about call FM in background task, and monitoring in SM37.

    Hi, guys, i got a question here, if I call a FM using addition "in background task" in a Z program, does this mean the FM process is running in background? And can I monitor my task in sm37? i've tried to do that, the FM was successfully proceeded, b

  • G5 10.5.8 + Mac the Ripper + Popcorn 2

    I had Mac the Ripper and Popcorn 2 before I got my latest computer and hadn't tried to use it until now. I'm having trouble getting Popcorn to work for me. Mac the Ripper is working just fine and I'm able to use Mpeg Streamclip to export video into a

  • Receiver mail with attachment name by default

    Hello all, I have a scenario IDOC -> PI -> MAIL. In my output mail, i want,for example and by default, that my attachment's name is "document1.xml". I've checked the case 'keep attachments' in my CC receiver mail and tried to use the Payloadswapbean

  • SLD Connection failed

    Hi all, I'm having problems at connecting to the SLD from the Content Administrator. The only button I can use is to check the SLD connection, but this fails. In the SLD I'm also having problem,s with starting and stopping the SLD Server: "Failed to

  • Transfer rating jpeg's to RAW files

    Hi everybody, Here's my thing : after rating my jpeg's, I only want to keep the corresponding RAW files (I'm always shooting in jpeg & RAW at the same time). How can I delete the remaining RAW files without having to select everything manually ? I'm