[jboss-user] [Security & JAAS/JBoss] - Client-cert authentication: how to prevent the client copy t
do-not-reply at jboss.com
Fri Nov 2 23:30:17 EDT 2007
I intend to distribute my rich client application with a client cert so that they can subsequently connect to the server using client-cert authentication and then authorization...
The app is supposed/licensed to run from only one computer, but i also don't want to have an installation key kinda stuff. So I would like to ensure this by only allowing connection from one computer per cert.
Naturally, or ideally, the best would be that i store the client's MAC address when it makes first connection to the server and subsequently deny access from any other MAC addresses for this cert. But i suppose i have no way to get the client's MAC.
So, anyone got a suggestion? thanks
ok, let me phrase it in another way, my questions are:
1. how to store the client cert securely on client's pc?
2. how to detect if the client cert has been copied to another pc
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101501#4101501
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4101501
More information about the jboss-user