Hi all, I am writing a simple client-server application. The client application will send a serialized object (an object that implements the Serializable interface) to the server. The server will recover the information in this object and do further processing. The server also sends back the same object to the client after processing, so the client will get an updated object with more and new information. If the client is run via the internet, how secure is this architecture? I don't encrypt the object at this point. If a serialized object is insecure, then I may consider encrypting it before sending it via the internet. Thanks.
A serialized object is totally unprotected and insecure. If you need to transfer one over the net or any other untrusted medium, then I would suggest either using a secure channel such as SSL/TLS (using JSSE), or wrapping the object inside a javax.crypto.SealedObject (part of JCE). Both JSSE and JCE are included in J2SDK 1.4, and downloadable as add-ons for earlier versions. - Peter
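The SealedObject option mentioned in the answer above, as an added example that is not part of the original post: a Serializable object is sealed with AES-GCM, serialized as it would be for the socket, and unsealed on the receiving side. The `Order` class, the sample values and the locally generated key (assumed to be shared with the server out of band) are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

public class SealedObjectDemo {
    // Hypothetical payload class standing in for the poster's Serializable object.
    static class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String item; final int quantity;
        Order(String item, int quantity) { this.item = item; this.quantity = quantity; }
    }

    // Client side: encrypt the object with AES-GCM and serialize the sealed wrapper.
    static byte[] seal(Serializable obj, SecretKey key) throws IOException, GeneralSecurityException {
        byte[] iv = new byte[12];                 // fresh 96-bit nonce for every message
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(wire)) {
            out.writeObject(new SealedObject(obj, cipher)); // IV travels inside the SealedObject
        }
        return wire.toByteArray();
    }

    // Server side: read the wrapper, then decrypt; the GCM tag is checked before the payload is deserialized.
    static Object unseal(byte[] wire, SecretKey key) throws IOException, ClassNotFoundException, GeneralSecurityException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return ((SealedObject) in.readObject()).getObject(key);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey shared = kg.generateKey();      // assumption: already shared with the server out of band
        byte[] wire = seal(new Order("widget", 3), shared);   // constructed sample object
        Order received = (Order) unseal(wire, shared);
        System.out.println("server got: " + received.item + " x" + received.quantity);
        try {
            unseal(wire, kg.generateKey());       // a party holding a different key
        } catch (GeneralSecurityException e) {
            System.out.println("unseal with wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The outer `readObject()` call still parses bytes from the network before any key is applied, so on Java 9 and later an `ObjectInputFilter` on that stream is a sensible addition.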
posted 16 years ago
Thanks a lot.