So, I am trying to deploy my Java application on the Azure cloud. A web application running on one Virtual Machine will be commanding 2 separate Java applications deployed on 2 separate VMs through Java RMI.
Is this approach secure by default?
What will I have to do to make it secure enough? Will a shared key encrypted password validation do?
Thanks in Advance!
"Do not go where the path may lead, go instead where there is no path and leave a trail" - Ralph Waldo Emerson
Ulf Dittmer wrote: Security is such a huge topic that it's unlikely that two folks will have the same idea of what "secure enough" means. What's your definition of it?
I agree. So here is my thing. I do not want any external unauthorized sources to issue commands to my RMI server applications which are running on different VMs.
Please let me know how else I can make the question more specific.
I think a better approach than to use just a password would be to prevent any client from an IP address other than the two you have from connecting.
Thinking a step further, if you do that, then using a password does not provide much extra security. Because any unauthorized connection coming from an authorized IP would mean that the authorized host has been compromised - in which case the attacker could probably have gotten hold of the jar file with the client code, reverse-engineered the code, and thus extracted the password.
So, if you check the IP, a password doesn't add much. But you should use one :-) And store it in encoded form in the source code, not as cleartext, and not in an extraneous file.
Thanks for your input Ulf!
The only concern I have here is when I restrict the IPs, I would not be sure if the IPs were never meant to change. If it changes for some reason, my commands will stop working. Moreover, I will be taking up the job of a firewall inside my application. I do not know how acceptable this approach would be in my enterprise.
Does this mean that RMI does not have any inherent security implementations that I can leverage?
Server IPs generally don't change; I wouldn't be concerned about that.
Application security is NOT the job of the firewall, it is the job of the application. Defense in depth is what you should implement. If there are further restrictions you can apply at the firewall - so much the better.
RMI does not have any of this stuff built in. But both IP checking and password checking are easy to implement at the application level.