pro_jsp thread: downloaded classes : security prob on servlet-based apps..


Message #1 by "Rema Remulta" <remaremulta@y...> on Tue, 5 Mar 2002 09:46:39 +0800

  Hi!

  I don't seem to get your point.  I understood that what should only be 
downloaded in the client/web browser are HTML, images, text etc... but in 
our case I see class files being downloaded too on the client machine or 
workstation, which shouldn't be... How come this happens? I just wonder 
why... Any thoughts about this? The class files are stored in 
C:\winnt\local settings\temporary internet files for WinNT4 and 
C:\documents and settings\...\local settings\temporary internet files 
for Win2K when you are running the app...

  Rema

  ---- Original Message -----
  From: Julio Oliveira
  To: Pro_JavaServer_Pages
  Sent: Tuesday, March 05, 2002 9:10 PM
  Subject: [pro_jsp] RE: downloaded classes : security prob on 
servlet-based apps..


  Hi
  You know that when a browser makes a request to the server, it sends an HTML 
response to the browser; classes only go to the browser with 
applets.
  The user doesn't have the class to decompile it; only the owner of the 
software has the web applications and the class.
  
  
  Regards
  Julio Oliveira
  Buenos Aires - Argentina
  ------------------------
  Oliveira_Julio@y...
  ICQ  65689456
   

    -----Original Message-----
    From: Rema Remulta [mailto:remaremulta@y...]
    Sent: Monday, March 04, 2002 10:47 p.m.
    To: Pro_JavaServer_Pages
    Subject: [pro_jsp] downloaded classes : security prob on 
servlet-based apps..


    Hi!

    Hope any of you who are into servlet-based web development have 
noticed this problem. This is referring to the classes that are 
downloaded onto the local drive when running a web app on the client 
machine... Certainly, I would start thinking about the security issue in 
developing servlet-based web applications, as everyone knows that there 
is such a tool as a decompiler to decompile class files into java files. 
This is pretty dangerous, don't you think? Have you guys anticipated 
this problem and already have a solution to this one? I badly need your 
profound ideas or suggestions or any points of view for that matter... Is 
there something that we have to configure or to set up on the machine 
where the web server is running pertaining to security? Or anything else 
missing?
    BTW, we're using Tomcat 3.2.1

    
    Thanks in advance.

    Rema