I have code that has been working fine for some time, or so we
thought. We recently discovered that at times the decryption is
failing. I should say that are using Sun JCE1.2.2.
Below is an example of a clear text string that will fail

so when i am using the SunJCE provider and I call
Cipher.getInstance("DESede");
does anybody know what the default mode (ECB, CBC, OFB, ...) of the
cipher is and what default padding is used?

I have a basic question (which is actually more hypotetical). How secure
is Java regarding Java code. If for example I make a code, which connect
thru JDBC to some database, then I actually expose the way how to
connect (DSN, username, password). If I have an access to execute ...

I'm having some problems getting my VeriSign Secure Site pro
certificate to work.  I'm hoping that someone here can help since
VeriSign is useless.  My web site stopped working on or around Jan
7th.  A quick look at the VeriSign web site pointed me in the

I want to build an Applet that use Robot Class to capture screen :
Robot myRobot = new Robot(myGraphicsDevice);
the problem is that the Java output panel show this message:
java.security.AccessControlException: access denied (java.awt.AWTPermission

I'd like to check if some user can access some file.
This is code snippet (exception handling ommited):
public static void main(String[] args) {
   Subject s = new Subject();

I have been trying to get client authentication running with Tomcat.
However, I keep getting the following exception from tomcat:
java.security.cert.CertificateException: Couldn't find trusted
certificate

I have some quesitons regarding session id's.
Consider the following scenario:
User requires access to a web application for a long period of time
with inactivity. Therefore assume that sessionID never expires.

I'm trying to run a applet in Netscape 7 (Uses Java 1.4.1).
The applet is for reading a file from the local users harddisk.
I know there is the possibility to change the policy file of the user, but
that I don't want to do.

I have an idea for a simple security architecture and would like to
implement it within the java.security package but I am very confused
by the framework.
What I want to do is assign a user to a role (or multiple roles). A

does anybody know what permissions I have to set to load a class using
the URLCLassLoader? The following code works without security manager
    String path = "file:///home/user/dir_of_class/";
    URLClassLoader loader = URLClassLoader.newInstance

I want convert kp.getPublic().getEncoded() to a string.
I want store this key in special file which is a text file, because
this is shared with a no java application.
When i convertr byte[] to string and after string to byte[], i havent

Perhaps I am just brain-dead, but I just installed j2sdk1.4.2_03 and
for the life of me, I can't find the javax.net.sll package.  All the
documentation says that JSSE has been wrapped up into 1.4.2, but where
is it?

Everyone -
Is there a way to request but not require a client certificate?  Not
all of our users have certificates, so we need to be able to use a
standard login page for users that do not have certificates.

Pros and Cons of the subject.  Any opinion to share?