This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Servlets and the fly likes Securing Server to Server communication? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Securing Server to Server communication?" Watch "Securing Server to Server communication?" New topic
Author

Securing Server to Server communication?

Saiprasad Natarajan
Greenhorn

Joined: Oct 27, 2010
Posts: 12

Hi

I have 2 apps hosted on different servers.
I need certain inputs from App 1 to process in App 2, I figured out the only possible way is to send these parameters is using the GET method.
Due to this all the parameters required in App 2 will be visible in the URL while redirection.

Is there anyway i can secure this server-server communication, so that any user cannot just copy the URL visible during redirection and misuse it.

I have tried out encryption of the parameters being sent but that also is not too secure.

Would appreciate if someone could point out a way to do this.

TIA


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42043
    
  64
How have you "figured out" that you need to use GET? What's wrong with sending data in the body of a POST, either encrypted or via SSL?

And how does "redirection" figure into server-to-server communication (which is furthermore completely invisible to any user)?


Ping & DNS - my free Android networking tools app
Saiprasad Natarajan
Greenhorn

Joined: Oct 27, 2010
Posts: 12

Hi Ulf,

how else would i send data from one server to another?
I am using a response.sendRedirect(URL) for the redirection and this URL is not on the same server.
When this happens, it is going to be a new request altogether so i guess POST is not possible. If it is, can you please tell me how?

TIA



Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42043
    
  64
Again: where does a redirect come into play when a server communicates directly with another server? It sounds a bit as you're not actually talking about server-to-server communication, but as if there's some 3rd party involved? TellTheDetails.
Saiprasad Natarajan
Greenhorn

Joined: Oct 27, 2010
Posts: 12

Ok. Here's the problem in Detail.

I have a WebApp1 in Server1. This WebApp1 takes inputs from the user and using JavaScript i send these Details to another App, WebApp2 in Server2.
This is how i do it in WebApp1


WebApp2 is a servlet where i use input1 and input2 for processing and after which i need to redirect this to another WebApp say WebApp3 in Server3.

I do this using:


So basically when my inputs are flowing from Server1 to Server2 to Server3, they are seen in the URL which is what i feel makes it vulnerable hence the need to secure this entire process.

The reason i say its redirection is the Control basically moves from Server1 to Server3 with Server2 deciding the final destination, which in this case is Server3.

Hope this helps

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42043
    
  64
OK, so there is a 3rd party - a web browser you hadn't mentioned before that acts as client to these web apps. One possibility is to encrypt the data, another is to transmit the data directly between the two servers; you can use HTTP for that as well.
Saiprasad Natarajan
Greenhorn

Joined: Oct 27, 2010
Posts: 12

another is to transmit the data directly between the two servers; you can use HTTP for that as well.


Hi

Can you please tell me how this can be done using Http?

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42043
    
  64
http://www.exampledepot.com/egs/java.net/Post.html
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Use HttpClient for your problem .


Save India From Corruption - Anna Hazare.
 
GeeCON Prague 2014
 
subject: Securing Server to Server communication?