Bill, Yes, I totally agree with you. Jack On Mon, Mar 3, 2008 at 8:02 AM, Vassilis Virvilis <[EMAIL PROTECTED]> wrote:
> On Monday 03 March 2008, Jinyuan Zhou wrote: > > It appears to me that XTrustProvider.install() allows you to bypass the > > validation. Just make sure this is want you wanted, especially if your > > webservice client is running inside big JEE app. > > Cheers, > > Jack > > Hi Jinyuan, > > Thanks for the heads up. > > I understand that this is essentially a hack to make java to work with > self > signed servers. If there is really a security concern or any probability > for > a man in the middle attack for sure this advice is not applicable. > > My understanding is: > -------------------- > > If someone is interested in a serious JEE application then he should buy > the > appropriate certificate. > > If someone is just evaluating or playing with non critical or confidential > data he can lax the security validation a bit... > > > bill > > > > -- Some people lived like they will never die and died like they have never lived
