On Monday 03 March 2008, Jinyuan Zhou wrote:
> It appears to me that XTrustProvider.install() allows you to bypass the
> validation. Just make sure this is want you wanted, especially if your
> webservice client is running inside big JEE app.
> Cheers,
> Jack
Hi Jinyuan,
Thanks for the heads up.
I understand that this is essentially a hack to make java to work with self
signed servers. If there is really a security concern or any probability for
a man in the middle attack for sure this advice is not applicable.
My understanding is:
--------------------
If someone is interested in a serious JEE application then he should buy the
appropriate certificate.
If someone is just evaluating or playing with non critical or confidential
data he can lax the security validation a bit...
bill
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
