保护JAAS配置文件
[英]Securing JAAS config file
问题描述
I'm developing a Java application which is run in Windows domain environment. 
我正在开发在Windows域环境中运行的Java应用程序。 To authenticate users I'm using Krb5LoginModule available in JAAS. 为了验证用户身份,我使用JAAS中提供的Krb5LoginModule。 JAAS Login Configuration File (let's call it jaas.conf) is embedded in application jar, which is stored on network share (read-only access). JAAS登录配置文件(简称为jaas.conf)嵌入在应用程序jar中,该文件存储在网络共享中(只读访问)。
Now every user can copy the application jar to his local disk, edit jaas.conf, and set his own LoginModule which would allow him to act as different user. 现在,每个用户都可以将应用程序jar复制到其本地磁盘上,编辑jaas.conf,并设置自己的LoginModule,这将允许他充当不同的用户。
Is there any way to prevent this? 有什么办法可以防止这种情况? How to secure the application? 如何保护应用程序?
1 个解决方案
解决方案1
-2 2014-01-09 21:13:45
Usr e Pwd must be provided by user. 用户密码必须由用户提供。 You have to call your own login interface where the user can provide username and password. 您必须调用自己的登录界面,用户可以在其中提供用户名和密码。 Why you want put the usr&pwd into the jaas.conf? 为什么要将usr&pwd放入jaas.conf?
Anyway, if you want to lock the usr&pwd you can 无论如何,如果您想锁定usr&pwd,则可以
- use certificate 使用证明
- crypt into the file 加密到文件中
- write into a code 编写代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.