Joel Beach
Hi everyone,
I am developing a Swing application at the moment and am a little confused
about JAAS. Mainly the authentication part of the equation. I want to use
a simple provider (as a prototype) which authenticates against something like
an XML file, with usernames and MD5-hashed passwords.
It seems that I need a Configuration telling JAAS how to authenticate and
so on, allowing me to plug in different ways to authenticate later without a
recompile.
My question is: How do you protect the text file containing the Configuration
from the user in Windows? Couldn't they simply edit it to point to some RDBMS
where they've set up some bogus user accounts?
Also, I realise that a user could also generate their own MD5 hash and edit
the XML file I'm authenticating against. For the prototype, I don't really
care about this, but I was wondering how people generally deal with users
editing files like this manually?
Thanks,
Joel