Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

Security for a desktop application

 
Ranch Hand
Posts: 1228
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nice to have authors Ramesh Nagappan and Christopher Steel here in ranch.
I'm a green horn in security field.

I have a desktop application built on RMI. For sending the datas from server to client I use javax.cryptography package. But is there any other way to make this happen in secure way.

I have also worked on https in web apps. Can these certificates be used for other than http protocols or only for http request and http response.
 
Author
Posts: 159
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Srinivasa,

Have you tried "RMI over SSL with Mutual Authentication" with Client Certs ? I would able to send you the sample code - how to implement them.

To support these scenarios., we suggest the use of "Secure Pipe" pattern with "Application Layer Using JSSE" strategy.

Regards

/Ramesh
 
Ramesh Nagappan
Author
Posts: 159
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ramesh Nagappan:
Hi Srinivasa,

Have you tried "RMI over SSL with Mutual Authentication" with Client Certs ? I would able to send you the sample code - how to implement them.

Other options are using a SSL/Network appliance !

To support these scenarios., we suggest the use of "Secure Pipe" pattern with "Application Layer Using JSSE" strategy.

Regards

/Ramesh

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Srinivasa,
In addition to Ramesh's response concerning RMI over SSL, you can also use those certificates in protocols other than HTTP(S). You could choose to implement your own public key exchange protocol, (similiar to SSL) over any protocol you choose. While it is generally bad practice to write your own security protocol (especially if you are new to security), it is sometimes necessary. Review Chapter 2 - Basics of Security and Chapter 4 - Java Extensible Security Architecture and APIs. Also read through the security examples in JDK docs.
If you are using RMI, the RMI over SSL approach discussed in Chapter 9 is the best solution, as it leverages the built-in Java implementation and requires little knowlege of the protocol. You will still have to deal with key/cert management issues and therefore will want to read up on the Java KeyStore class and keytool utility.
 
Srinivasa Raghavan
Ranch Hand
Posts: 1228
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Ramesh & Christoper. I'm not aware of this as i'm very new to this security field. As suggested i'll explore secure pipe pattern and also update this thread if i face any new issues.
 
Ranch Hand
Posts: 1312
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm found some tutorial of RMI over SSL

http://www.cs.columbia.edu/~akonstan/rmi-ssl/
http://www.javaworld.com/javaworld/jw-05-2001/jw-0511-howto.html
reply
    Bookmark Topic Watch Topic
  • New Topic