SecurityFocus

secure storage of sensitive data in J2EE Jan 25 2005 09:18AM
chaim moshe (xor256 hotmail com) (6 replies)

Re: secure storage of sensitive data in J2EE Feb 07 2005 07:41PM
Kevin Conaway (kevin conaway gmail com) (3 replies)

Re: secure storage of sensitive data in J2EE Feb 09 2005 03:49AM
Ashish Popli (apopli gmail com) (2 replies)

Re: secure storage of sensitive data in J2EE Feb 09 2005 02:36PM
Kevin Conaway (kevin conaway gmail com) (1 replies)

Re: secure storage of sensitive data in J2EE [Virus Checked] Feb 09 2005 05:09PM
graham coles retail-logic com

Re: secure storage of sensitive data in J2EE Feb 09 2005 12:37PM
Nick Seward (nseward cscn com) (1 replies)

Re: secure storage of sensitive data in J2EE Feb 09 2005 10:23PM
Randy (rho clunet edu) (2 replies)

Re: secure storage of sensitive data in J2EE Feb 10 2005 10:59AM
Alexander Klimov (alserkli inbox ru)

Re: secure storage of sensitive data in J2EE Feb 09 2005 09:17PM
Nick Seward (nseward cscn com)

Re: secure storage of sensitive data in J2EE Feb 08 2005 12:36AM
Antoine Martin (antoine nagafix co uk) (1 replies)

Re: secure storage of sensitive data in J2EE Feb 08 2005 02:13AM
Valdis Kletnieks vt edu

Re: secure storage of sensitive data in J2EE Feb 08 2005 12:10AM
Dimitris Mistriotis (besieger yahoo com)

Re: secure storage of sensitive data in J2EE Jan 27 2005 02:58PM
Steve Taylor (stillio bellsouth net)

Re: secure storage of sensitive data in J2EE Jan 25 2005 07:06PM
Sean Radford (sradford bladesystems co uk)

Re: secure storage of sensitive data in J2EE Jan 25 2005 06:25PM
Luciano R. de Albuquerque (aluciano ravel ufrj br) (1 replies)

I have a similar question to this sent by Chain.
But, instead of java I m using C. So, which kind of solution do you sugest to
store session keys in a linux enviromnent using C.

regards,
Luciano.

Citando chaim moshe <xor256 (at) hotmail (dot) com [email concealed]>:

> Hello list,
>
> where can I store sensitive data like encryption keys, passwords, etc. in
> J2EE?
> surely, you can save it in the keystore, but the catch is where do you store
> the keystore password to protect it from external access?
> storing the keystore password in code or in config files is not secured
> enough.
>
>
> In the .NET environment you have DPAPI that was designed exactly for this
> kind of problem, the sensitive data is encrypted at the OS level with the
> user/machine password and is decrypted at runtime.
> What is the solution in the J2EE environment ?
>
> Thanks!
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>

Luciano R. de Albuquerque
Mestrando - COPPE/Sistemas - UFRJ
Lab. de Redes de Alta Velocidade - RAVEL
http://www.ravel.ufrj.br
http://www.ravel.ufrj.br/~aluciano
http://www.garf.coppe.ufrj.br/

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

[ reply ]

SV: secure storage of sensitive data in J2EE Jan 26 2005 12:24PM
Daniel Susid (a01tux student informatik gu se)

Re: secure storage of sensitive data in J2EE Jan 25 2005 04:41PM
Valdis Kletnieks vt edu

Re: secure storage of sensitive data in J2EE Jan 25 2005 04:33PM
Alexander Klimov (alserkli inbox ru)