Writing secure Java code with RMI

Posted by jtnire on Stack Overflow
Published on 2010-05-19T22:01:24Z Indexed on 2010/05/19 22:10 UTC

Hi Everyone,

This may seem like a very broad question, but any help is appreciated.

I have a client/server solution written in Java which uses the Cajo project (which uses RMI). I just want to try and make my solution as secure as possible, given the sensitive data that will be transferred between server and client.

So far, my ideas are to make all my classes "final" as well as throw a "non-serializable" exception for all my classes in the server (except for the object bound in the RMI registry, and any objects that actually do need to be transferred of course).

Can anyone think of any other ideas?

I know that someone could write a malicious client - this isn't hard to do as you can find out the remote object's API using reflection. However, is there anything I can do to prevent a malicious client from accessing classes/objects within the server that they are not supposed to access?

Many Thanks

© Stack Overflow or respective owner
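
The idea in the question (final classes that throw a "non-serializable" exception), shown next to an inbound allowlist filter, as an added example that is not part of the original post or of the Cajo project. The class names `Order`, `Base` and `ServerState` are hypothetical, the filter is attached to a plain `ObjectInputStream` rather than to Cajo's transport, and Java 9 or later is assumed for `ObjectInputFilter`.

```java
import java.io.*;

public class RmiSerializationGuards {
    // Hypothetical DTO that is meant to cross the wire.
    static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String item;
        Order(String item) { this.item = item; }
    }

    // Hypothetical parent that makes its subclasses Serializable by inheritance.
    static class Base implements Serializable { private static final long serialVersionUID = 1L; }

    // Server-only class: the guards matter only because Serializable is inherited;
    // a class that never implements Serializable is already refused by the JVM.
    static final class ServerState extends Base {
        private static final long serialVersionUID = 1L;
        private void writeObject(ObjectOutputStream out) throws IOException {
            throw new NotSerializableException(getClass().getName());
        }
        private void readObject(ObjectInputStream in) throws IOException {
            throw new NotSerializableException(getClass().getName());
        }
    }

    // Inbound allowlist: only Order may be instantiated from received bytes.
    static final ObjectInputFilter ALLOW_ORDER_ONLY = info -> {
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // size/depth callbacks
        return c == Order.class ? ObjectInputFilter.Status.ALLOWED
                                : ObjectInputFilter.Status.REJECTED;
    };

    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ALLOW_ORDER_ONLY);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(((Order) readFiltered(write(new Order("widget")))).item);
        try { write(new ServerState()); }            // outbound guard fires
        catch (NotSerializableException e) { System.out.println("write blocked: " + e.getMessage()); }
        try { readFiltered(write(new java.util.Date())); } // constructed "unexpected" object
        catch (InvalidClassException e) { System.out.println("read blocked: " + e.getMessage()); }
    }
}
```

The guards in `ServerState` stop that class from leaving or entering the JVM, while the filter covers every class a client might send, including library classes the server author never wrote. For RMI itself the JDK accepts the same kind of filter through the `jdk.serialFilter` system property or the `UnicastRemoteObject.exportObject(Remote, int, ObjectInputFilter)` overload.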