Monday 1 April 2019

How to verify the identity of a desktop application running as an HTTPS server?

This is the current architecture.

  • The user is required to download a .exe file which runs a local Java HTTPS server (desktop) on localhost at some port.

  • The web app (browser) can then talk to the local desktop server so that it can access and write to the file system.

So the questions are:

1.) What are ways to verify that the web app is talking to the real desktop server and not a fake one?

2.) Are there ways to restrict who can communicate with the desktop server? For example, so that only my web app can talk to it.

3.) Given the .exe file, is it possible for a hacker to reverse engineer the application and retrieve its details, such as the Java Keystore (since it is an HTTPS server) and anything that is placed in a .properties file?
