
Establishing secure communication betw Stub & Skel. VPN??

 
Diego Bowen
Ranch Hand
Posts: 50
Is this possible?? Can I set up a VPN of some sort?? What is the best approach??? Thanks
 
Chris De Vries
Ranch Hand
Posts: 65
Setting up a VPN is a good and easy way to have secure distributed computing. This eliminates the need to use Custom Socket factories in RMI or other methods of ensuring that communication is encrypted within the program you create. This page may help you get started with VPNs.
 
Diego Bowen
Ranch Hand
Posts: 50
Thanks for the suggestions. But I'm curious, since I decided not to use dynamic class loading, other than the communication between the stub on the client and the skel on the server (which using a connection factory I can encrypt that byte stream) are there any other security issues I should be concerned with???
 
Chris De Vries
Ranch Hand
Posts: 65
Originally posted by Diego Bowen:
Thanks for the suggestions. But I'm curious, since I decided not to use dynamic class loading, other than the communication between the stub on the client and the skel on the server (which using a connection factory I can encrypt that byte stream) are there any other security issues I should be concerned with???

Yes, there are always security issues with distributed programming. Unencrypted authentication schemes can be intercepted. Also remember anyone can access the method you open up, potentially without even connecting to the rmiregistry first (unless you restrict access with a firewall).
 
Diego Bowen
Ranch Hand
Posts: 50
Thanks Chris, so if access to the server is restricted by a firewall, would creating a custom connection factory where communication between stub and skel is encrypted and access to the server by client is identified and authenticated??? I'm trying to make it as secure as possible. Thanks
 
Diego Bowen
Ranch Hand
Posts: 50
Also readdressing your previous comment, how can I encrypt my authentication scheme???
 
Chris De Vries
Ranch Hand
Posts: 65
There are two easy ways to encrypt your authentication. First, you could encrypt all your RMI communication using the secure socket layer (SSL). Information on how to do this is here. You could also use a challenge/response algorithm where the server sends a random test phrase and you use a password to find a cryptographic hash of the phrase or to send the encrypted phrase back to the server. The server then compares this response to what it expected and allows you to proceed if they match.
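
The challenge/response option described in the post above, sketched as an added example (not code from the original post or from the tutorial it links to). The class and method names are hypothetical, the secret is a constructed sample value, and HMAC-SHA256 is assumed as the keyed hash of the random phrase.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class ChallengeResponseDemo {
    // Both sides compute HMAC-SHA256(secret, challenge); the secret itself never crosses the wire.
    static byte[] respond(byte[] secret, byte[] challenge) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(challenge);
    }
    // Server side (hypothetical class): issues random challenges and accepts each one only once.
    static class Server {
        private final SecureRandom rng = new SecureRandom();
        private final Set<String> outstanding = ConcurrentHashMap.newKeySet();
        private final byte[] secret;
        Server(byte[] secret) { this.secret = secret.clone(); }
        byte[] newChallenge() {
            byte[] c = new byte[32];
            rng.nextBytes(c);
            outstanding.add(Base64.getEncoder().encodeToString(c));
            return c;
        }
        boolean verify(byte[] challenge, byte[] response) throws GeneralSecurityException {
            // remove() makes the challenge single-use, so a captured response cannot be replayed
            if (!outstanding.remove(Base64.getEncoder().encodeToString(challenge))) return false;
            // MessageDigest.isEqual compares in constant time
            return MessageDigest.isEqual(respond(secret, challenge), response);
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // sample value
        Server server = new Server(secret);
        byte[] challenge = server.newChallenge();
        byte[] response = respond(secret, challenge); // client side
        System.out.println("valid response accepted: " + server.verify(challenge, response));
        System.out.println("replayed response accepted: " + server.verify(challenge, response));
        byte[] c2 = server.newChallenge();
        byte[] wrong = respond("wrong-password".getBytes(StandardCharsets.UTF_8), c2);
        System.out.println("wrong password accepted: " + server.verify(c2, wrong));
    }
}
```

This only authenticates the caller; the RMI calls that follow are still sent in the clear unless they also run over SSL, the first option in the post.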
 
Diego Bowen
Ranch Hand
Posts: 50
Hi Chris, I read the "Using a Custom RMI Socket Factory" page and used the code exactly as written and it ran successfully on the same machine (client/server on same machine). However, when I tried to do the very same thing with the client on another machine it did not work. I got the following exception:

java.net.ConnectException: Connection refused: ; nested exception
.........................
at HelloClient.main(HelloClient.java:59)
"HelloClient.java" 59L Hello obj = (Hello) registry.lookup("Hello");
I checked the ports that were open and 1099 was there and so was 2002 (where the registry was created in the "HelloImpl.java" code on the server side). I also checked the registry itself and didn't see "Hello" in there, which makes the exception more understandable. Any ideas or have you had any experience making this code work on two different machines?? Thanks Diego
 