VirtualBox

Opened 14 years ago

Last modified 13 years ago

#8694 new defect

java client access via vboxjws.jar is not using https

Reported by: ludo Owned by:
Component: webservices Version: VirtualBox 4.0.4
Keywords: Cc:
Guest type: other Host type: other

Description

java client access via vboxjws.jar is done via http and a user name and password.

But http communication is not secure, so it would be possible to see the name and password in clear on the wire. Please consider adding https access as well for real security.

Change History (1)

comment:1 by Klaus Espenlaub, 13 years ago

So far we opted for referring to Apache in a reverse proxy config to provide SSL functionality. This avoids reinventing the wheel, which in this area often means making embarassing mistakes handling private keys and the like...

Note: See TracTickets for help on using tickets.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette