Security of XUI-based applications

Applications/Applets are signed with a code signing certificate issued from a trusted certificate agency such as Thawte or Verisign. The organization the application belongs to is displayed as having signed the application

When launched the application then prompts the user to trust the application and is informs them of the certificate issuer and application owner as shown in the screenshot below.



Signing is only necessary if the application will be carrying out operations which are outside of the JRE sandbox. This would include functionality such as...

• Native calls
• Accessing the file system
• Connections to a host other than the one the application came from

XUI can be configured to communicate with a HTTP server over any port. It can also use web services, messaging or RMI to carry out remote calls. XUI Pro includes a routes and services mechanism that takes care of session management with a servlet container. It also includes a logon service which can be customized to work with any type of authentication service on the back end. It will then take care of checking that the user is logged and to prompt if the session is dropped. It can carry out security checks to make sure the same user is using the session id they created originally.