sahej aggarwal wrote:
Ya, it's a web app and I'm using HTTPS with a valid SSL certificate, but still my data can be seen by Paros on the network,
and yes, the Java code could be a servlet or a JSP.
Can someone please help me out with the above-mentioned subject?
Heh - it looks like Paros may be misleading in this case. While you may very well have a valid SSL certificate on your web server, it looks like the staff at Paros are recommending you set the proxy on your web browser for both your secure and insecure data to point to their software, using the same port. I am almost certain that this will result in Paros either not using SSL whatsoever, or using zero-bit encryption (in other words, no encryption) to get to your data.
So - yes, configuring your system in that way will result in breaking the security of your system, and all data that you thought should be encrypted will actually be in plain text until after it leaves the Paros application.