Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security about serialized object.  RSS feed

 
SoonAnn Lim
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am writing a simple client server application. Client application will send a serialized object (an object that implements Serializable interface) to the server. Server will recover the information on this object and do further procesing. Server also send by the same object to client after processing, client will get an update object with more and new information. If client is run via internet, how secured is this architecture? I don't encrypt the object at this point. If serialized object is unsecure, then i may consider to encrypt it before sending via the internet.
Thanks.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A serialized object is totally unprotected and insecure. If you need to transfer one over the net or any other untrusted medium, then I would suggest either using a secure channel such as SSL/TLS (using JSSE), or wrapping the object inside a javax.crypto.SealedObject (part of JCE).
Both JSSE and JCE are included in J2SDK 1.4, and downloadable as add-ons for earlier versions.
- Peter
 
SoonAnn Lim
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!