i'm sending , post requests https server, i've googled tutorials working https ssl , found various outdated tutorials
so i'd know if written code secure or it's not secured @ all
final url url = new url(inputurl); final httpsurlconnection conn_get = (httpsurlconnection) url.openconnection(); sslsocketfactory sslsocketfactory = createtrustallsslsocketfactory(); conn_get.setsslsocketfactory(sslsocketfactory); in = new bufferedinputstream(conn_get.getinputstream()); ... and sslsocketfactory
private static sslsocketfactory createtrustallsslsocketfactory() throws exception { trustmanager[] bypasstrustmanagers = new trustmanager[]{ new x509trustmanager() { public x509certificate[] getacceptedissuers() { return new x509certificate[0]; } public void checkclienttrusted(x509certificate[] chain, string authtype) { } public void checkservertrusted(x509certificate[] chain, string authtype) { } }}; sslcontext sslcontext = sslcontext.getinstance("tls"); sslcontext.init(null, bypasstrustmanagers, new securerandom()); return sslcontext.getsocketfactory(); } should change or not secure purposes?
so i'd know if written code secure or it's not secured @ all
it not secure, blindly accepting ssl certificates, fraudulent ones. app will not allowed ship on play store, , in countries you might sued government.
should change something
keep these lines:
final url url = new url(inputurl); final httpsurlconnection conn_get = (httpsurlconnection) url.openconnection(); in = new bufferedinputstream(conn_get.getinputstream()); delete else.
Comments
Post a Comment