Tag: security

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Android 2.3

android android-sdk-2.3 java security ssl

In my server (production server), I have a goDaddy ssl certificate. I have both iOS and Android apps connecting with the server, iOS connecting with no problems, android with versions 4.* everything is good, but with devices with 2.3.* I always get a SSLHandshakeException. I did exactly like on Android Develo…

Java 7 support of AES-GCM in SSL/TLS?

aes java security ssl

According to Java 7 documentation as well as third party vendors, it appears Java 7 should support AES-GCM suites: ibm java 7 java 7 ssl doc I was hitting some errors in negotiation between client and server unable to negotiate a cipher due to restricting it to only the AES-GCM ciphers. After investigation I …

Security Framework for Java Swing Applications

desktop-application java security swing

Is there a security Framework available for Java Desktop Applications? When I searched on google I saw persons talking about Spring Security, however it seems to be chiefly web-based. I have been using ordinary java code(Login forms, jdbc) to implement User Level security but I am not comfortable programming …

Are server 500 errors a security issue?

gwt java security

I’ve found that it’s possible to cause 500 errors on a server using curl and a faked GWT-Permutation with a POST payload. The payload is generating a java.lang.Exception on an Apache server. Does this open up a security issue? Should I report it to Google’s GWT support? To clarify the questi…

Microsoft ISA Server Authentication in Android

android java ntlm security

I have an application in Android, in which I were reading files from the remote server, code for reading file is given below; Now all the remote files are behind proxy (Microsoft ISA Server) which required authentication to access the files. Please guide me how I can pass authentication parameters from androi…

Web app user authentication with 2 production servers using spring security

authentication java security spring-security

Working on the server side of a java based web application (will serve mobile and web clients) and I need to implement users authentication. In production I have 2 servers (duplicated, working against …

Get path from FileDescriptor in Java

java jsm permissions security

Some quick background on my problem: I’m writing a compiler that converts Domain Type Enforcement specs into Java Security Manager code. In a nutshell, DTE defines “types” (objects), assigns paths to those types; then defines “domains” (subjects), and defines what permissions (rw…

PKCS#12 : DerInputStream.getLength() exception

certificate java pkcs#12 security

I generate a certificate using the keytool command: Then if I try to load it using java security API, after getting the file as a byte[] : I get a DerInputStream.getLength(): lengthTag=127, too big exception. What is wrong? Answer I had this problem and I’ve searched the depths of google and still could…

how to accept self-signed certificates for JNDI/LDAP connections?

java jndi ldap security ssl

I need to connect to an LDAP directory over SSL. In non-production environments, we use self-signed certificates which, of course, fails to validate with: I am aware of how to use a custom trust manager for SSL-enabled connections, but don’t know how to use one in connection with the JNDI API where I do…