aspose file tools*
The moose likes Distributed Java and the fly likes Establishing secure communication betw Stub & Skel. VPN?? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Distributed Java
Bookmark "Establishing secure communication betw Stub & Skel. VPN??" Watch "Establishing secure communication betw Stub & Skel. VPN??" New topic
Author

Establishing secure communication betw Stub & Skel. VPN??

Diego Bowen
Ranch Hand

Joined: Aug 19, 2003
Posts: 50
Is this possible?? Can I set up a VPN of some sort?? What is the best approach??? Thanks
Chris De Vries
Ranch Hand

Joined: Dec 05, 2002
Posts: 65
Setting up a VPN is a good and easy way to have secure distributed computing. This eliminates the need to use Custom Socket factories in RMI or other methods of ensuring that communication is encrypted within the program you create. This page may help you get started with VPNs.
Diego Bowen
Ranch Hand

Joined: Aug 19, 2003
Posts: 50
Thanks for the suggestions. But i'm curious, since I decided not to use dynamic class loading, other than the communication between the stub on the client and the skel on the server (which using a connection factory I can encrypt that byte stream) are there any other security issues I should be concerned with???
Chris De Vries
Ranch Hand

Joined: Dec 05, 2002
Posts: 65
Originally posted by Diego Bowen:
Thanks for the suggestions. But i'm curious, since I decided not to use dynamic class loading, other than the communication between the stub on the client and the skel on the server (which using a connection factory I can encrypt that byte stream) are there any other security issues I should be concerned with???

Yes, there are always security issues with distributed programming. Unencrypted authentication schemes can be intercepted. Also remember anyone can access the method you open up, potentially without even connecting to the rmiregistry first (unless you restrict access with a firewall).
Diego Bowen
Ranch Hand

Joined: Aug 19, 2003
Posts: 50
Thanks Chris, so if access to the server is restricted by a firewall, would creating a custom connection factory where communication between stub and skel is encrypted and access to the server by client is identified and authenticated??? I'm trying to make it as secure as possible. Thanks
Diego Bowen
Ranch Hand

Joined: Aug 19, 2003
Posts: 50
Also readdressing your previous comment, how can I encrypt my authentication scheme???
Chris De Vries
Ranch Hand

Joined: Dec 05, 2002
Posts: 65
There are two easy ways to encrypt your authentication. First, you could encrypt all your RMI communication using the secure socket layer (SSL). Information on how to do this is here. You could also use a challenge/response algorythm where the server sends a random test phrase and you use a password to find a cryptographic hash of the phrase or to send the encrypted phrase back to the server. The server then compares this response to what it expected and allows you to proceed if they match.
Diego Bowen
Ranch Hand

Joined: Aug 19, 2003
Posts: 50
Hi Chris, I read the "Using a Custom RMI Socket Factory" page and used the exactly as written and it run successful on the same machine (client/server on same machine). However when I tried to do the very same thing with the client on another machine it did not work. I got the following exception:

java.net.ConnectException: Connection refused: ; nested exception
.........................
at HelloClient.main(HelloClient.java:59)
"HelloClient.java" 59L Hello obj = (Hello) registry.lookup("Hello");
I checked the ports that where open and 1099 was there and so was 2002 (where the registry was created in the "HelloImpl.java" code on the server side). I also checked the registry itself and didnt see "Hello" in there, which makes me the exception more understandable. Any ideas or have you had any experience making this code work on two different machines?? Thanks Diego
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Establishing secure communication betw Stub & Skel. VPN??
 
Similar Threads
VPN client software freeware?
VPN
VPN & local network
This weeks giveaway
vpn access via emulator