Hi,
As part of the security policy of our product, we need to secure the RMI communication. Based on some research that we did, we found that RMI communication can be secured in the following ways:
1) Securing RMI using an SSH tunnel
2) Securing RMI by using RMI over SSL with custom socket factories, or by using the Java Secure Socket Extension (JSSE) API, which provides an implementation of SSL sockets.
I would like to understand which of the above two approaches is the better approach.
I came across one of the links, http://www.javaranch.com/journal/2003/10/rmi-ssh_p1.html, which says that securing RMI using SSL does not protect the communication between the client program and the RMI registry. Is this true for custom socket factories as well as JSSE?
Also, can someone explain why RMI over SSL does not protect communication between the client program and the RMI registry?
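
For reference on option 2, an added example (not part of the original post) that uses the JDK's javax.rmi.ssl socket factories for both the registry and the exported object, so the client's registry lookup goes over TLS as well as the remote calls. The class name, the Greeter interface, the port and the binding name are assumptions made up for this example; key and trust stores are assumed to be supplied through the standard javax.net.ssl system properties.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Run both sides with the standard JSSE properties set:
//   -Djavax.net.ssl.keyStore=... -Djavax.net.ssl.keyStorePassword=...
//   -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStorePassword=...
public class SecureRmiExample {
    static final int PORT = 1099;          // assumed registry port
    static final String NAME = "greeter";  // assumed binding name
    static Registry registry;              // strong references so neither the registry
    static Greeter impl;                   // nor the remote object is garbage collected

    // Hypothetical remote interface, used only for this example.
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) { return "hello " + name; }
    }

    static void server() throws Exception {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = default cipher suites and protocols; true = require a client certificate.
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
        // The registry itself listens on a TLS server socket, so lookups are encrypted too.
        registry = LocateRegistry.createRegistry(PORT, csf, ssf);
        impl = new GreeterImpl();
        // The stub carries csf to clients, so calls on the remote object also use TLS.
        registry.rebind(NAME, UnicastRemoteObject.exportObject(impl, 0, csf, ssf));
    }

    static String client(String host) throws Exception {
        // The factory must be passed here: a plain getRegistry(host, port) opens an
        // unencrypted socket and cannot talk to the TLS-only registry.
        Registry remote = LocateRegistry.getRegistry(host, PORT, new SslRMIClientSocketFactory());
        return ((Greeter) remote.lookup(NAME)).greet("rmi");
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("server")) server();
        else System.out.println(client(args.length > 1 ? args[1] : "localhost"));
    }
}
```

Start it with the argument `server` in one JVM and `client <host>` in another; because client certificates are required, the client JVM needs a key store as well as a trust store.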