Products Products
Support & Forums Support & Forums
Compliance Testing Compliance Testing
Labs & Sandboxes Labs & Sandboxes
Program Program
Co-Marketing Co-Marketing
Avaya Experience Platform Avaya Enterprise Cloud Avaya Client SDK Avaya Aura Platform See All Products Find Developer Resources

Avaya Experience Platform

Overview Interfaces Learning Support Options Compliance Testing

Avaya Enterprise Cloud

Overview Interfaces Learning Support Options Compliance Testing

Avaya Client SDK

Overview Programming Docs Developer Downloads Licensing Support & Testing

Avaya Aura Platform

Application Enablement Services Communication Manager Presence Services Snap-in Session Manager System Manager Session Border Controller
About DevConnect Support Submit Support Tickets Support Forums Other Support Options

About DevConnect Support

Support Options Support FAQs Supported Platforms and Interfaces

Submit Support Tickets

Procured System Support
For procurement issues or questions Remote Lab Support
For issues and questions related to DevConnect remote labs Membership & Program Support
For membership and program benefits questions General Support
For general issues not covered by the other support tickets

Support Forums

Avaya Client SDK AEServices DMCC APIs AEServices JTAPI AEServices Web Services Avaya Workspaces Avaya Experience Platform Orchestration Designer All Forums

Other Support Options

Product Notices Non-DevConnect Support Resources

Compliance Testing

About Compliance Testing Compliance Tested Solutions

About Compliance Testing

Compliance Testing Overview Avaya Interfaces Eligible For Testing Compliance Testing FAQs Compliance Testing Guide(s) (PDF)

Compliance Tested Solutions

DevConnect Marketplace Search Applications Notes

Labs & Sandboxes

Remote Labs Procurement Benefits

Remote Labs

Remote Labs Overview Avaya Aura Session Manager Avaya Aura AE Services & Communication Manager Self Services (Experience Portal) Avaya Proactive Outreach Manager Avaya Contact Center Elite

Procurement Benefits

About DevConnect Procurement Access/View Procurement Catalog Procurement FAQs DevConnect Procured System Support

Program

Program Overview Program Benefits Membership Options

Program Overview

DevConnect Membership Levels DevConnect Program Guide (PDF) DevConnect Program FAQs

Program Benefits

Membership Benefits DevConnect Procurement Co-marketing

Membership Options

Manage My Portfolio/Solutions Manage My Profile

Co-Marketing

Co-Marketing Benefits Relationship Benefits

Co-Marketing Benefits

Co-Marketing Overview Logos Marketplace Co-branded Collateral Select Product Program

Relationship Benefits

Social Media 8-and-Out Podcasts Sponsorships Advertising

Author Message
19/06/2017 06:37:40
Subject: What is the recommended way of loading the keystore in a snapin.
#1
EP&T_deprecated
Joined: May 8, 2017
Messages: 2
Offline
Hello !!
I am working on VB snapin, this snapin uses a keystrore file, we have manually copied the keystore file on the breeze node, we have a snap-in service attribute which specifies the location of keystore file. Snapin uses this service attribute to load the keystore file. This is working fine.
Last week we had a code scan, during code scan the security team identfied an vunralblity "Path Traversal" which is related to the path of the keystore file.
The security team has suggested us not to use any path (relative/absolute ) to load the keystore.
so what is the recommanded way to load the keystore file in snapin. Should we use the breeze classpath to load the keystore file, any other options?

Thanks !!
PM
21/06/2017 06:14:45
Subject: Re:What is the recommended way of loading the keystore in a snapin.
#2
EP&T_deprecated
Joined: May 8, 2017
Messages: 2
Offline
any suggestion, thoughts?
PM
21/06/2017 22:46:27
Subject: Re:What is the recommended way of loading the keystore in a snapin.
#3
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
Please send me a direct email on this. Thanks.
PM
Go to:   
Mobile view