BASE64Encoder - accessClassInPackage.sun.misc

Hello

I have encountered an issue on GoDaddy’s shared Linux Java hosting. For encrypting of user passwords, I am using sun.misc.BASE64Encoder. This works in my local development environment(JRE 1.5).

When I run this code on GoDaddy, I get:

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)

It seems that this is a permissions issue (I am kind of guessing because this is stretching my current knowledge):

My questions are:

Is there a way I use can BASE64Encoder on shared hosting? My guess is that GoDaddy will not grant me any more permissions.

Should I be using a different type of encryption or is there a type of encryption besides BASE64 you would recommend for passwords for a shared hosting account?

Thanks in advance for your time and knowledge.

you’re correct about the permissions. It looks like GoDaddy has set a certain security policy with their JVM that doesn’t allow you to run your code. But can you just encode the passwords on your own system? or does it need to be done on the fly (via a web interface I’m guessing?) . I’d say your best bet is to contact GoDaddy support and find out exactly what the restrictions are and what you can use. They may have a better suggestion for you.

Thank you for the response. I did call GoDaddy and they said security permissions can not be changed since it is shared hosting. I was not surprised by their response.

The way I am using the encryption is through a web app and when users’ sign in, the password they enter is one-way encrypted and checked against the password that is saved in the DB (it was one-way encrypted before it was inserted into the DB). I think this approach is pretty standard.

I did do more Google searching and came across an Open Source encryption framework called Jasypt (www.jasypt.org). For some reason the site is not working today but it was last night. Not sure what the deal is. My goal is to have some code mocked up and I will test it on GoDaddy’s servers in the next day or two. If it works, I will post back. Also, if anyone has any feedback on a better encryption framework, I always like to learn about new things.

I did get Jasypt to successful work on GoDaddy’s servers. It seems to work pretty well. The only real draw back to I see is that it requires multiple jar files (if I remember corretly 4) in order for the Jasypt framework to work.

How we can find out mime-type in web.xml which it is using. how many types of mimi type we can use in mime-mapping.