Re: [Php-java-bridge-users] Securing PHP/Java Bridge

[<php...@li...>]

Thanks again, all!

For the benefit of anybody else wanting to implement this, the specific bit
you need to change is around line 1043 of Java.inc, in
java_SimpleHttpTunnelHandler::getBodyFor().

REPLACE:

return "Cache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding:
chunked\r\n\r\n${len}\r\n\177${compat}${data}\r\n";

WITH:

$auth = "";
if ( defined("JAVA_AUTH_USER") && defined("JAVA_AUTH_PASS") ) {
   $encoded_credentials = base64_encode(JAVA_AUTH_USER . ":" .
JAVA_AUTH_PASS);
   $auth = "Authorization: Basic {$encoded_credentials}\r\n";
}
return "{$auth}Cache-Control: no-cache\r\nPragma:
no-cache\r\nTransfer-Encoding:
chunked\r\n\r\n${len}\r\n\177${compat}${data}\r\n";

Then after you configure Tomcat to require HTTP Basic Authentication to
access your Java Bridge, you just need to define JAVA_AUTH_USER and
JAVA_AUTH_PASS appropriately in your PHP app.

Disclaimers: This is pretty thin security, but it may or may not be better
than nothing. It worked for my particular setup, but may not work (or break
things) on yours. Your mileage may vary, void where prohibited, no refunds.

-Jon


On Fri, Sep 7, 2012 at 5:55 PM, <php...@li...
> wrote:

> You can secure the back end using basic auth and send something like
>
>    "Authorization: Basic "
>    base64_encode(user.":".pass)
>
> but this won't solve the other problems (files, all apps running in shared
> memory).
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> php-java-bridge-users mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
>