Links

  • 1. Sogeti
  • 2. JBoss
  • 3. IBM
  • 4. Oracle
  • 5. SpringSource
  • 6. NL-JUG
  • 7. Java

Archives

Syndication  RSS 2.0

RSS 1.0
RSS 2.0

Bookmark this site

Add 'JCN Blog' site to delicious  Add 'JCN Blog' site to technorati  Add 'JCN Blog' site to digg  Add 'JCN Blog' site to dzone

Posted by Jan-Hendrik Kuperus at 5:27 on Thursday 29 October    Add 'New: GnuPG plugin for Outlook 2007' site to delicious  Add 'New: GnuPG plugin for Outlook 2007' site to technorati  Add 'New: GnuPG plugin for Outlook 2007' site to digg  Add 'New: GnuPG plugin for Outlook 2007' site to dzone

David Cumps has gone about developing a working GPG plugin for Outlook 2007. Now you can sign your emails from Outlook 2007 using the great Open Source GPG. He describes the installation and usage at his own blog.

–JH

Posted by Jan-Hendrik Kuperus at 14:31 on Wednesday 6 May    Add 'Keeping project passwords safe' site to delicious  Add 'Keeping project passwords safe' site to technorati  Add 'Keeping project passwords safe' site to digg  Add 'Keeping project passwords safe' site to dzone

In many projects, if not all, passwords are used. Either for some shared repository or some test account on an application. In order to make life easy for developers, testers and other team members, these passwords are often kept simple. That might be acceptable in a development environment, but if you have to maintain a production environment you want some strong passwords which are preferably hard to remember.

So how do you keep track of these passwords safely then? You use a ‘password safe’.

Read the rest of this entry »

Posted by Eric Gunnewegh at 13:26 on Thursday 29 March    Add 'Securing Java applications with Acegi, Part 1: Architectural overview and security filters' site to delicious  Add 'Securing Java applications with Acegi, Part 1: Architectural overview and security filters' site to technorati  Add 'Securing Java applications with Acegi, Part 1: Architectural overview and security filters' site to digg  Add 'Securing Java applications with Acegi, Part 1: Architectural overview and security filters' site to dzone

This three-part series introduces Acegi Security System, a formidable open source security framework for Java™ enterprise applications. In this first article, consultant Bilal Siddiqui introduces you to the architecture and components of Acegi and shows you how to use it to secure a simple Java enterprise application.

Posted by Barend Garvelink at 11:39 on Friday 9 March    Add 'Over tokens, impersonation, delegation en WS-Trust' site to delicious  Add 'Over tokens, impersonation, delegation en WS-Trust' site to technorati  Add 'Over tokens, impersonation, delegation en WS-Trust' site to digg  Add 'Over tokens, impersonation, delegation en WS-Trust' site to dzone

Gunnar Peterson schrijft op zijn security blog een stukje over identity, tokens en impersonation.

Het gaat hier om de problematiek van het doorgeven van gebruikerscredentials in een gedistribueerd systeem. Bijvoorbeeld: GUI roept service aan, service roept vervolgservice aan; vervolgservice roept nog weer iets aan waarbij hij de credentials van de gebruiker nodig heeft.

Hoe zorg je nou dat die op een verantwoorde manier door je hele keten heen bij dat systeem terechtkomen? De posting linkt naar diverse achtergrondartikelen en al met al is het waardevolle "food for thought".

[On the road to delegation - learning from QMail]

Posted by Barend Garvelink at 14:17 on Tuesday 13 February    Add 'Artikel: Security Concepts, Challenges, and Design Considerations for Web Services Integration' site to delicious  Add 'Artikel: Security Concepts, Challenges, and Design Considerations for Web Services Integration' site to technorati  Add 'Artikel: Security Concepts, Challenges, and Design Considerations for Web Services Integration' site to digg  Add 'Artikel: Security Concepts, Challenges, and Design Considerations for Web Services Integration' site to dzone

Via het weblog van Gunnar Peterson kwam ik bij een artikel over het beveiligen van een webservices architectuur. Het behandelt een breed scala aan threats, tegenmaatregelen en standaards.

Security Concepts, Challenges, and Design Considerations for Web Services Integration

Posted by Eric Gunnewegh at 13:48 on Monday 7 August    Add 'Security Annotations and Authorization in GlassFish and the Java EE 5 SDK' site to delicious  Add 'Security Annotations and Authorization in GlassFish and the Java EE 5 SDK' site to technorati  Add 'Security Annotations and Authorization in GlassFish and the Java EE 5 SDK' site to digg  Add 'Security Annotations and Authorization in GlassFish and the Java EE 5 SDK' site to dzone

Security is very important in the enterprise environment. In the Java EE 5 / GlassFish environment, you can achieve security using the following options:

- Transport Level Security (TLS) / Secure Sockets Layer (SSL) technologies
- Authentication and Authorization
- Message Level Security (for Web Services in GlassFish only)

This article discusses authentication and authorization.

Posted by Hans-Jürgen Jacobs at 22:13 on Monday 10 April    Add 'Secure your SOA' site to delicious  Add 'Secure your SOA' site to technorati  Add 'Secure your SOA' site to digg  Add 'Secure your SOA' site to dzone

Secure your SOA: “Enterprise-grade SOAs require a plan for addressing diverse security needsAsh Parikh, Anthony Sangha, and Murty Gurajada” [javaworld/]

Posted by Hans-Jürgen Jacobs at 10:28 on Friday 7 April    Add 'An Approach to Web Services Non-Functional Requirements' site to delicious  Add 'An Approach to Web Services Non-Functional Requirements' site to technorati  Add 'An Approach to Web Services Non-Functional Requirements' site to digg  Add 'An Approach to Web Services Non-Functional Requirements' site to dzone

In this article, the authors describe a utility tool that will help customize WSDL to contain the security
information and XML schemas for a service based on the WSDL 1.1 specification. [theserverside.com]

Posted by Hans-Jürgen Jacobs at 15:48 on Thursday 30 March    Add 'Java developers can’t afford to ignore app security' site to delicious  Add 'Java developers can’t afford to ignore app security' site to technorati  Add 'Java developers can’t afford to ignore app security' site to digg  Add 'Java developers can’t afford to ignore app security' site to dzone

For many Java developers, application security has not been an issue they’ve wanted to tackle. That changed last week as experts addressed the subject at TheServerSide Java Symposium. In "Java developers can’t afford to ignore app security," the panel’s conclusions and assertions are covered, with the most severe being that developers don’t enjoy security, so they ignore it. [searchappsecurity]

Posted by Barend Garvelink at 15:41 on Saturday 31 December    Add 'Bouncy Castle Java Crypto API 1.3.1' site to delicious  Add 'Bouncy Castle Java Crypto API 1.3.1' site to technorati  Add 'Bouncy Castle Java Crypto API 1.3.1' site to digg  Add 'Bouncy Castle Java Crypto API 1.3.1' site to dzone

Gevonden op Café au lait:

The Legion of the Bouncy Castle has released version 1.31 of the Bouncy Castle Java Cryptography API, an open source, clean-room implementation of the Java Cryptography Extension (JCE). It supports X.509 certificates, PKCS12, S/MIME, CMS, PKCS7, and lots of other juicy acronyms. It also includes its own light-weight crypto API that works in Java 1.0 and later, and does not depend on the JCE. Version 1.31 has “bug and compatibility fixes for the PGP library as well as some defects fixed in the X.509 extension processing, ECDSA key encoding and the EC point encoding. The most notable new addition is the support for very large files in the SMIME package via streaming.” Download it while it’s still legal.


© 2018 Java Competence Network. All Rights Reserved.