
How to prevent others from connecting to my server?

 
shahabas shabeer
Ranch Hand
Posts: 49
Hi all,
I developed an applet which makes a socket connection to a server running on the host machine.
Now I fear somebody could decompile my class files inside the jar file, get the port,
and simply write a program to extract all the information that I am writing to the socket at the server side.
Can anybody tell me how I could prevent others from connecting to my server using other programs?

Note: I am using a self-signed applet and I am sure I don't want to use SSLSocket.
Thanks.. Shahabas
 
Catalin Merfu
Ranch Hand
Posts: 42
Can you give us more details, please?

A client cannot download all the information available from a server simply by connecting to the server.

To add security to your connection the simplest way is to use SSL.
Otherwise you would have to encrypt the messages sent between the client and the server and implement server authentication probably using certificates.
 
shahabas shabeer
Ranch Hand
Posts: 49
Hi Catalin,

Let me clarify my requirement using an example.

I have a server which is publishing news to a number of clients.
Clients can make a socket connection to the IP (say 127.0.0.1) and port (say 6789) and get the news from the server.
My client program is an applet.
I want ONLY my applet to connect to the server.

But now anybody who knows the IP and port can connect to the server and get the news.

How can I prevent them from doing this?

Hope now it is clear.

Cheers. Shahabas..
 
jeff willis
Greenhorn
Posts: 25
Did you write your server?

When I implement a server, I like to implement a little handshaking with my client before actually doing any work.

Something like this:

1. client connects to server.
2. server sends client "OK" message.
3. client must send the "let's roll" message to the server.

If the server doesn't receive the "let's roll" message, then the connection is closed.

It's not anything like a secure server, but it may set your mind to rest concerning who is connecting to your server.
 
shahabas shabeer
Ranch Hand
Posts: 49
Hi,

Yes... I can do handshaking.
But, as you said, if I send a hardcoded string ("let's roll") to the server,
anybody who is able to decompile my code can send this string to the server and get the connection.
Is it possible to generate something like a digital signature at the time of compilation,
so that I can send this to the server for validation?

Thanks.. Shahabas
 
jeff willis
Greenhorn
Posts: 25
OK, now I understand your question a little better. I'm not sure about the digital signatures, but if I find something I'll post it here.

Have you tried sending a Properties object or a hashtable to your server?

This may not solve your problem though.
 
Rovas Kram
Ranch Hand
Posts: 135
I'm wondering why your applet doesn't have a login screen...
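
An added example (not code from any poster in this thread): the handshake described earlier with the fixed "let's roll" reply replaced by an HMAC over a fresh server challenge, keyed by a per-user secret that is entered at a login screen instead of being stored in the jar. It goes beyond what the thread describes; the class name, the `alice` account and the sample key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: class name, account and key are hypothetical sample values.
public class ChallengeHandshake {
    private static final SecureRandom RNG = new SecureRandom();
    // Per-user keys; a real server would load these from its account store.
    private final Map<String, byte[]> userKeys = new HashMap<>();
    private byte[] pendingNonce; // the one outstanding challenge for this connection

    // Both sides compute HMAC-SHA256(key, nonce || user).
    static byte[] hmac(byte[] key, byte[] nonce, String user) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(nonce);
        return mac.doFinal(user.getBytes(StandardCharsets.UTF_8));
    }

    // Server greeting: a fresh random challenge instead of a fixed "OK".
    byte[] newChallenge() {
        pendingNonce = new byte[16];
        RNG.nextBytes(pendingNonce);
        return pendingNonce.clone();
    }

    // Accept only a reply computed over this connection's challenge; otherwise close.
    boolean verify(String user, byte[] reply) throws Exception {
        byte[] key = userKeys.get(user);
        byte[] nonce = pendingNonce;
        pendingNonce = null; // each challenge can be answered once
        if (key == null || nonce == null) return false;
        return MessageDigest.isEqual(hmac(key, nonce, user), reply); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] aliceKey = "constructed-sample-key".getBytes(StandardCharsets.UTF_8);
        ChallengeHandshake server = new ChallengeHandshake();
        server.userKeys.put("alice", aliceKey);
        byte[] reply = hmac(aliceKey, server.newChallenge(), "alice"); // client side
        System.out.println("valid reply:    " + server.verify("alice", reply));
        server.newChallenge(); // a later connection gets a different challenge
        System.out.println("replayed reply: " + server.verify("alice", reply));
        System.out.println("wrong key:      "
            + server.verify("alice", hmac(new byte[]{1}, server.newChallenge(), "alice")));
    }
}
```

This identifies whoever holds the key, not the applet program itself, and it does not encrypt the news that follows; the SSL suggestion earlier in the thread covers that part.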
 
Stefan Wagner
Ranch Hand
Posts: 1923
He doesn't want to give access to his server to users, but to his applet.

I don't understand why - but that's it.

And access to the applet isn't restricted?

I don't get the idea...
Is the applet manipulating the news or does it restrict the access?
A kind of demo?
 
Catalin Merfu
Ranch Hand
Posts: 42
The moment you publish your applet you also publish the wire protocol, and anybody can access your server and send in requests. You have to fight the same problem as Yahoo, which saw a third-party chat client being built for their service. Their solution is to change the protocol frequently:

http://news.com.com/Yahoo+to+Trillian:+Talk+to+the+hand/2100-1032_3-5245821.html

--------------------

Catalin Merfu
High Performance Java Networking
http://www.accendia.com
 
shahabas shabeer
Ranch Hand
Posts: 49
Thanks all,
I will also try something like this.
If anybody could find out a better solution,
please post it here..

Cheers
 