Hi, If the applet communicates with the backend using RMI ( most often used mechanism ), the data exchanged won't be encrypted.
If the applet establishes http connection wit the backend, then again the data won't be encrypted. ( As Jeff observes ). If the applet uses https:// then you have an interesting situation -- when the browser uses https:// it makes use of its own certificate database and certificate validation logic. For applet, the certificate database would be different ( the one that comes with the JDK or JRE ) and the validation logic is also different. For example, if the server presents a certificate that is expired or signed by a non-trusted CA then the browser would prompt the user but the Java code running within applet will just refuse connection. As far as I know, security providers bundled with SUN's JDK do not integrate very well with PKI security infrastructure of browsers. /Pankaj. -----Original Message----- From: Jeff Turner To: Tomcat Users List Sent: 5/24/02 11:47 PM Subject: [OT] Re: Applet and SSL On Fri, May 24, 2002 at 04:05:28PM -0700, Bing Zhang wrote: > Hi, > > We are evaluating a web application with applet as front end. It runs well > on our machine with regular http. > > Now we want to run it through SSL. If the front end are pure html pages, we > are not concerned since the web browser will take care the SSL issue and > encrypt the traffic automatically. But because the front end is applet, we > are not sure. Will browser take care of the enryption automatically? or in > short, do we only need to configure our web server to run SSL, there is no > modification on both server and applet code? Does the applet do any HTTP requests to the server it came from? If so, you may have problems if the applet has hardcoded "http://..."; URLs, instead of using getDocumentBase() to determine 'http' or 'https'. --Jeff > Thanks > > Bing -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
