Java security and NE4.0

Amos Kudirka (amos.kudirka@firstdatacorp.com)
Thu, 19 Mar 1998 10:08:00 -0800

Date: Thu, 19 Mar 1998 10:08:00 -0800
From: "Amos Kudirka" <amos.kudirka@firstdatacorp.com>
To: java-security@web1.javasoft.com

Background First:
I am very new to the JAVA world but this is what we have accomplished
in 4 months from text books. We have an internet Reporting solution for
our thousands of bank clients, these report applets are tables and charts
displays
using Oracle as our data source communicating through an RMI server.

We where just about to go into production and our security department asked
Are you secure? I answered: I think so, we have encryption turn on the
Enterprise
server! , I figured since I was going through a firewall every thing should be
fine.

I come to find out that the Security department has no back ground in deploying
internet applications. They now want me to go through some secured port 443
and get a third party "SSLava" encryption package. The problem I have is if I
start RMI on port 443 it fails saying that the port is already in use.... And
if
the Enterprise server has encryption turned on this should be adequate.

Question:
Is there any documentation on implementing a secure application as I described
above anywhere? Or any advise on what I need to be doing?
I've read so much on SSL that I can not make heads or tails
of it. I just want to show evidence that I am secure and if not why!

Hope you can help. Thanks

\\\|///
\\ ^ ^ //
( @ @ )
--------------oOOo--(_)-oOOo----------
amos.kudirka@firstdatacorp.com