  • Security problem.


    I'm an Application Security Consultant and I'm having an assessment these days on an application that includes a Web tier and a Business tier.

    The Web and the Business tier are communicating through Java RMI.

    As I see it, from a hacker's point of view, theoretically (if I know the names of the remote methods) I can implement my own client which will bypass the web tier and thereby reach sensitive methods and get sensitive information.

    The developer is insisting that they are using "Spring Security", which will not let me connect directly to the methods within the business tier.

    Can someone enlighten me? I'm not very familiar with this technology and I cannot understand how exactly "Spring Security" implements authentication on the RMI methods in the Business tier.

    Best regards and good day.