we have a Oracle forms application running with the sun JVM.
When we start the app we are asked to accept two signed certificates.
When we say ok we can see them in the user certificates store in
"Trusted certificates" ( Vertrauenswürdige Zertifikate ).

I am newbie to the group, so please tell me if my questions are
relevant to the group or not.
I am working on JSR 177 APIs , SATSA . I want to know , how using
those APIs i can fetch ,

I have the following problem. I am trying to secure my groovy script shell
with SecurityManager. My policy file has 3 grant sections :
grant codeBase "file:/scripts" {
permission java.util.PropertyPermission "file.encoding", "read";

I'm facing a problem here about password storage in a JVM.
Here's the problem:
An html page sends a login/password to a servlet. This servlet reads the
password through the getParamter method. The getParameter, thus, creates

The CERT/CC has added to their secure coding standards for the C
language and for C++ by developing secure coding standards for Java.
The site, available as a Wiki, is at:
https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Codin
g+Standard

Please be gentle. I am horribly java naive and have only gone by way of the
various instructions for creating keystores and certificates found at a
variety of sites that all match in syntax and function.
I have created a keystore, created a signing request (which has been sent to

I am curious about OTP fobs.  My sister said they use them at work.
She said she has to key a number that displays on the fob.  This
strikes me an unnecessary and just a source of error. Surely the fob
could insert the password, but then why bother with the display?