Security protocol between web client and Java server

Asked Dec 28 '15 at 15:32

Active Dec 29 '15 at 13:58

Viewed 101 times

I'm trying to develop a security layer between a web client (HTML) and a server. Due to technical limitations HTTPS can't be enabled.

How can I secure the server so that only requests from trusted sources are processed?

I have looked into Nimbus SRP but a password would have to be stored in the client side and thus being visible for inspection.

edited Dec 29 '15 at 13:58

asked Dec 28 '15 at 15:32

Raimundo

1

What kind of technical limitations do you have that prevents HTTPS? – Kayaman Dec 28 '15 at 15:50
Surely you investigated more options than only this one example. – Gimby Dec 28 '15 at 15:57
@Kayaman This is imposed by the client. It is related with their architecture. – Raimundo Dec 28 '15 at 16:16
@Gimby It's an example. I'm trying to gather as much information as I can. – Raimundo Dec 28 '15 at 16:17
I hope you have real experience with security. Otherwise this has a high chance of resulting in tears and security breaches. – Kayaman Dec 28 '15 at 16:21
@Kayaman That's what I'm affraid of. – Raimundo Dec 28 '15 at 16:33

0 Answers0