3 Replies Latest reply on Feb 16, 2011 1:49 AM by Nicklas Karlsson

    how to verify war signature at runtime

    Dave Chen Master

      To prevent hacker from modifying war file, or make it more difficult, I like to create a MD5 hash for the war. At runtime web application verify the war hash, if it does not match, the web application will stop functioning.

       

      SignJar does not work for this case because hacker can remove jar signature and resign it.

      The question is: how to find the war file to which the web application belongs?

       

      Thanks for help.

      Dave