This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Hi everyone, for the client's configuration gui, the client should choose the IP and the PortNumber. I'm just asking myself if I should validate the IP - perhaps with a method of java.net.InetAddress. What do you think about that and how have you handled this problem? Thanks in advance & greetings Ulrich
Hello Ulrich, Good to see you posting back here. I didn't do any validation around the IP address since I assumed that the user can either enter a DNS name that will be resolved to an IP address or an IP address directly. I did validate the port number as a positive integer, but that is about it. I may not be the best person to advice you on this since I lost 15 out of 40 points in the GUI section. I believe that it was because of other reasons but I am not sure. Regards. Bharat
I agree with Bharat on not validating the IP. However, I'm wondering if there is a maximum valid port number that we could check against. (i.e. so then we would validate that port number is greater than 0 and less than ???) Anyone out there know? TJ
Hi Bharat, Terry, Peter & Nicholas, thanks for your help. Concerning the PortNumber I make a check if its an number between 1 and 65535, but I think I will also consider Nicholas' advice and restrict it to between 1024 and 65535 Greetings Ulrich
Maybe i'm missing the point here as I haven't started on the networking side yet, but ... The port we are entering is the port of the server we write. Surely then we should define some rule for our server saying look for port 2001, and then keep incrementing until we find a free one, or some such rule. Then we will know where to start. It just strikes me that the rules on ports are more relevant to the server than to client end validation on something the user enters. I would be more inclined to devote my efforts towards providing the user helpful instructions on how to set the port, and informative feedback if the port they enter is wrong, rather than capturing a number in the range of 1 .. 50000
Originally posted by Nicholas Cheung: Port number between 0 to 1024 is reserved for some purposes.
Many operating systems reserve ports 0 to 1024 for "system" processes: a process that an administrator starts up. You would not normally want any user opening up an FTP server (for example) on your site - you would normally only want the administrator to be able to do that after proper planing and after setting up proper security. Microsoft deviated from this policy - not being originally designed for use in networks, they did not consider security or other issues, so they allow any user to open any port on their local PC.
Originally posted by Nicholas Cheung: For example, port 80 is used for HTTP requests, port 433 is used for SSL, etc.
Note that these are standard / default port assignments, but there is nothing to enforce them. You can service HTTP requests on port 8080 if you like (and many people do), or you could service FTP requests on port 80 (why you would want to is beyond me though ) If you would like to know more about what are standard port numbers, you can look at:
From my /etc/services file: # The latest IANA port assignments can be gotten from # http://www.iana.org/assignments/port-numbers # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535
So to be a good net citizen you should normally pick a port number in the dynamic and/or private ports range (or go with the default port for RMI ).
Originally posted by james airey: The port we are entering is the port of the server we write. Surely then we should define some rule for our server saying look for port 2001, and then keep incrementing until we find a free one, or some such rule. Then we will know where to start.
Most people would want to have a dedicated port number. You can suggest to the user that they start at port 2001 and go up if you like, but I would not do it programattically. Otherwise you could be on port 2001 today and port 2005 tomorrow - which would mean that every client would need to change their port number.
Originally posted by james airey: It just strikes me that the rules on ports are more relevant to the server than to client end validation on something the user enters. I would be more inclined to devote my efforts towards providing the user helpful instructions on how to set the port, and informative feedback if the port they enter is wrong, rather than capturing a number in the range of 1 .. 50000
You could always have one common bit of code to validate the socket number, and use it in both client and server I do agree with the idea that documenting how to set port numbers (on both clients and servers) is far more important than validating the numbers. Personally I did not bother validating the numbers at all - I documented how to set the port number on both the server and on the client, and then accepted any valid number. Regards, Andrew [ December 30, 2003: Message edited by: Andrew Monkhouse ]