It's not a secret anymore!
The moose likes Security and the fly likes ensuring secure and trusted communication between two applications Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "ensuring secure and trusted communication between two applications" Watch "ensuring secure and trusted communication between two applications" New topic
Author

ensuring secure and trusted communication between two applications

Vikrama Sanjeeva
Ranch Hand

Joined: Sep 02, 2001
Posts: 756
posted private message
0
Quote
Hi all,

There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

    • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki

    Count the flowers of your garden, NOT the leafs which falls away!
    Prepare IBM Exam 340 by joining http://groups.yahoo.com/group/IBM340Exam/
    Henry Wong
    author
    Sheriff

    Joined: Sep 28, 2004
    Posts: 16690
        
      19

    I like...
    C++ Eclipse IDE Firefox Browser
    posted private message
    0
    Quote
    Vikrama Sanjeeva wrote:Hi all,

    There is an app A, providing an interface for payment processing to all those apps (B1, B2, ...) connecting to it. Means app A takes payment details as an input from B1, B2 etc and passes this input to a payment processor.

    App A will publish its services via various modes (WS, JMS, Sockets etc) so that B1,B2 has multiple ways to connect app A.

    I want to assure:

  • 2-Way communication between A and B1,B2 etc is secure and confidential
  • Both A and B1,B2 has assurity that they are communicating to the right partner. Means, in case, if someone forge the IP of B1,B2 then A must know that its not communicating with the right person.

    • Both A and B1,B2 etc belongs to same intranet but different network segments. Probably, A will be on separate box and behind firewall.

    Kindly advise what are the methods available to assure above two points


    Bye,
    Viki



    SSL will encrypt (protect the data packets from being seen by a third party) -- so that will solve the first issue. SSL also support authentication, so that will kinda help protect against "untrusted" sources. However, that probably won't guarantee that the other end is correct -- to do that you will have to use some sort of application level authentication.

    Henry

    Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
     
    I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
     
    subject: ensuring secure and trusted communication between two applications
     
    Similar Threads
    Boolean Operator
    RemoteException and transaction roll back
    operator precedence K&B question
    complex boolean expressions without parentheses
    clarification if condition