Only 48 hours left in the trailboss' kickstarter!

New rewards and stretch goals. CLICK HERE!



  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Suggestions on security issues when using telnet  RSS feed

 
Priya Raj
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
From my JSP, I need to establish a telnet session to my server to enable user to execute applications from the unix shell. We have a user id and password for these users..
My question is,
What are the security issues in this design? How can I handle this if possible so that my users have access to only their directories...
Thanks
RHP
 
Marty Hall
Author
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From my JSP, I need to establish a telnet session to my server to enable user to execute applications from the unix shell.

I'm confused by what you mean by "from my JSP."
Do you mean "from the JSP (really servlet) as it executes"? If so, you are already running on the server.
Or do you mean "from the browser"? If so, I don't see what JSP has to do with this: JSP doesn't run in the browser and doesn't affect the kind of content that can.
Can you clarify what you mean, please?
Cheers-
- Marty
 
Priya Raj
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Marty,
I mean from the browser. I used "JSP" since I was handling login functions in the JSP.
To rephrase the question, what would be the security issues when allowing a user to "telnet" to the webserver from the browser? I am trying to do this by an available telnet applet "JTA".
Is this a good practice at all? I know I have not seen browsers allowing users to telnet to any servers... but i wanted to know what the security issues are before ruling out this completely...
Thanks
RHP
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, I think what you mean is you're trying to run a telnet session via a web browser.
Telnet security from client to server is low. UserID and password are not encrypted. However, if you're having the user type stuff into an input control in an HTML page (or an equivalent structure in an applet), then the back-end security isn't so important. Instead what's important is the ability to secure the actual web page that the end-user's going to be using.
Telnet, BTW isn't all that well suited for use over HTTP. It's not totally synchronous, and even in cases where it is, the response time for a telneted app may exceed the browser's timeout limit which could potentially lead to all sorts of confusion.
 
Priya Raj
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for all the clarifications.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!