April 28th, 2013, 03:01 PM
Jar applet - security
My scope was to embed a web-based ssh client in my php site. So, I searched in the Internet and I found a jar that suited in my site.
This jar file (is it allowed to post here which one I found?) is loaded through <applet>.
My question is whether this file is secure or not, in the manner of fact that this ssh client gives you root permissions on systems, lets you type passwords and login remotely on other systems (using passwords again). Probably, this jar file could be harmful enough to collect passwords and send them somewhere else, isnt it?
How can I confirm that this code is secure enough?
(i.e. tcp dumping - to catch if that file communicates with somewhere else, antivirus scanning)
Thanks a lot
April 28th, 2013, 04:35 PM
The only way to really be sure would be to analyze the source code for the applet.
April 29th, 2013, 09:35 AM
Indeed. But I only have the .jar file. Do you have an easy way to view the .java files into it? (i.e. does Netbeans have such functionality?)
i.e. since this is a ssh client program, the code must be really huge
Originally Posted by E-Oreo
April 29th, 2013, 06:39 PM
You can extract the files from a JAR (google for this), however the JAR might not contain the original source files.