Gregory, On 2/15/16 11:18 AM, Dougherty, Gregory T., M.S. wrote: > How to trade information with a specified URL calling java code in > tomcat/lib: > > 1: Servlet calls Decryptor.start (String whoIAm, int validator, int xOr)
What prevents the servlet from specifying whoIAm="someoneElse"? > 2: Code calls Servlet http get with id=randomly generated int Which code calls Servlet HTTP? > 3: Servlet returns validator in response to the http get call. 0 is not a > valid validator, it¹s what the Servlet returns if it doesn¹t have an > outstanding call to Decryptor.start But the whole point is that you don't trust the servlet, right? What is the servlet always returns the same value? Any servlet could impersonate any other one. > 4: Having received the random number from the http get call, Servlet xors > it with xOr, and calls Decryptor.decrypt (String whoIAm, String password, > int xOred) So, the servlet makes the HTTP request and manages the checking? I really don't get it. > 5: Code checks xOred against whoIAm. If gets a match decrypts the > password and returns it from Decryptor.decrypt. After all that, it's okay for the servlet to be able to read its own database password? Why not just give the servlet access to a DataSource with the password already set inside it? > What I¹d rather have is a Tomcat provided Class with a static method that > returns the calling URL. Show me an implementation that Tomcat could provide that the servlet could not tamper with. > But so long as I can make the following two calls from my code: > > URL theURL = new URL (urlString); > HttpURLConnection uc = (HttpURLConnection) theURL.openConnection (); > > I think I¹m good. > > Flaws? Let's see: Constructed dubious use case? CHECK Rolled your own security code? CHECK Used highly-secure XOR algorithm? CHECK Complicated enough to seem plausible? CHECK Confused objective leads to trivial attacks? CHECK I think you've got all the bases covered, here. I still don't understand what's being protected from whom, here. It looks like the code is very complicated in order to keep the password from the code, but then the code is given the password anyway. If you trust the code but not the admin, then why bother with the complex code? -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
