applet caching

[Matthijs Blaas]

I found that when an applet is cached (using Sun jvm), it's placed in the
Sun\Java\Deployment\cache\javapi\jar\ folder. The files are saved with
somekind of checksum added to them (fx: file1.jar-md5checksum.zip). Does
this prevent hackers from modifying the applet and have the website execute
a modified applet instead of the original one? If so, is this security
mechanism provided with every jvm? (ie MS, IBM etc?)

Does anyone know anything about this?

Thanks in advance!

-Thijs

 

[Rogan Dawes]

I found that when an applet is cached (using Sun jvm), it's placed in the
Sun\Java\Deployment\cache\javapi\jar\ folder. The files are saved with
somekind of checksum added to them (fx: file1.jar-md5checksum.zip). Does
this prevent hackers from modifying the applet and have the website execute
a modified applet instead of the original one? If so, is this security
mechanism provided with every jvm? (ie MS, IBM etc?)

Does anyone know anything about this?

Thanks in advance!

-Thijs

Matthijs,

I suggest that you have a look at some of the Open Web Application
Security stuff (http://www.owasp.org/), as well as at tools such as
WebScarab (http://www.owasp.org/development/webscarab or
http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823)

Essentially, WebScarab (and other similar tools you can find via
http://dawes.za.net/rogan/exodus/comparison.php) allows an attacker to
interfere with whatever data is being sent between the client and the
server.

In your case, it depends on the value of your information, as to what
lengths you want to go to to protect it, but you might get some good
information from the OWASP Guide
(http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62287)

Regards,

Rogan