VirtualBox

Ticket #8694 (new defect)

Opened 3 years ago

Last modified 3 years ago

java client access via vboxjws.jar is not using https

Reported by: ludo Owned by:
Priority: major Component: webservices
Version: VirtualBox 4.0.4 Keywords:
Cc: Guest type: other
Host type: other

Description

java client access via vboxjws.jar is done via http and a user name and password.

But http communication is not secure, so it would be possible to see the name and password in clear on the wire. Please consider adding https access as well for real security.

Change History

comment:1 Changed 3 years ago by klaus

So far we opted for referring to Apache in a reverse proxy config to provide SSL functionality. This avoids reinventing the wheel, which in this area often means making embarassing mistakes handling private keys and the like...

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use