I want to use JPDA but I have many concerns about the security. From what I see there is no authentication so anyone can scan for an open port on a machine and try to enter with any remote debugger tool. From there it's possible to do almost anything with the application.
So, is it safe to use JPDA? Is there a way to protect the remote application from any potential attack (with user/password for example)?
If the person who implements the technology knows what he is doing it is safe. If the person in question does not know what he is doing it is unsafe. It is not in any way related to the technology itself.
Other than that, any insecure channel can be made secure, as long as you think out of the box instead of in code. Example: you can block connections from remote JPDA sessions unless they come through a VPN connection. Then you effectively shut out the entire bad outside world and only allow the select group of people that have access to the VPN.
Are you really sure you need JPDA though? It is basically built to be able to implement debugging services in (Java) development tools such as an IDE.
What I want is to be able to do remote debug on a running application when there's a problem. I use Eclipse as my IDE and by looking on the Internet I found out about JPDA. There is an option for remote debug with Eclipse and it uses JPDA so I decided to try it. It was exactly what I was looking for and it's a complete surprise to hear that it's not supposed to be used for that.
By the way, I like the idea to limit the socket port to only specific machines. I'll have to do some research on how to do that but that is definitely a solution to my security concerns.
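
Added example, not part of the thread: a small audit helper that reads a JVM command line and reports whether its JDWP debug agent listens only on loopback (reachable through a VPN or tunnel endpoint on the same host) or on a network interface. The function names, category labels and sample command lines are constructed for illustration; the agent options themselves (`transport`, `server`, `address`) are the standard JDWP ones.

```python
import re

# Modern (-agentlib:jdwp=) and legacy (-Xrunjdwp:) forms of the JDWP agent option.
JDWP_RE = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(\S+)")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def parse_jdwp(cmdline):
    """Return the JDWP sub-options as a dict, or None if no agent is configured."""
    m = JDWP_RE.search(cmdline)
    if not m:
        return None
    return dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)

def classify(cmdline, jdk_major):
    """Return 'none', 'outbound', 'loopback' or 'network' for one JVM command line."""
    opts = parse_jdwp(cmdline)
    if opts is None:
        return "none"
    if opts.get("transport") != "dt_socket":
        return "loopback"   # dt_shmem is Windows shared memory: same host only
    if opts.get("server", "n") != "y":
        return "outbound"   # JVM dials out to a waiting debugger, no listening port
    # A missing address is treated like a bare port (assumption of this sketch).
    host, _, _port = opts.get("address", "").rpartition(":")
    if host == "":
        # Bare port: JDK 9+ binds to loopback only, JDK 8 and older to all interfaces.
        return "loopback" if jdk_major >= 9 else "network"
    # '*', '0.0.0.0' or a routable address means anyone who can reach the port
    # can attach, because JDWP itself has no authentication.
    return "loopback" if host in LOOPBACK_HOSTS else "network"

# Constructed sample command lines with the JDK major version they run on.
SAMPLES = [
    ("java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar app.jar", 17),
    ("java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar app.jar", 17),
    ("java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar app.jar", 8),
    ("java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5005 -jar app.jar", 8),
    ("java -agentlib:jdwp=transport=dt_socket,server=n,address=debughost.example:5005 -jar app.jar", 11),
    ("java -jar app.jar", 17),
]

def audit(samples):
    """Classify every (command line, JDK major version) pair."""
    return [classify(cmd, jdk) for cmd, jdk in samples]

if __name__ == "__main__":
    for (cmd, jdk), verdict in zip(SAMPLES, audit(SAMPLES)):
        print(f"JDK {jdk:>2}  {verdict:<8}  {cmd}")
```

A `network` verdict is the case the question worries about; a firewall rule or VPN-only routing as suggested in the answer, or rebinding the agent to a loopback address, removes that exposure.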