3 Replies Latest reply on Feb 16, 2011 1:49 AM by nickarls

    how to verify war signature at runtime

    javatwo

      To prevent hacker from modifying war file, or make it more difficult, I like to create a MD5 hash for the war. At runtime web application verify the war hash, if it does not match, the web application will stop functioning.

       

      SignJar does not work for this case because hacker can remove jar signature and resign it.

      The question is: how to find the war file to which the web application belongs?

       

      Thanks for help.

      Dave