    Local Area Network Application

      Please, I am trying to write a Local Area Network application that would work for an organisation.
      I intend using RMI to approach it. But I would want to know if the RMI approach to network programming has any security issues. Cause I want the application to be super secure. I would have used sockets, but I kind of find it difficult to use sockets to develop complex applications. I would also appreciate it if anyone could help me with a tutorial that explains in detail how to use sockets to develop complex applications.
          Well, you would use sockets to implement a complex application just as you would to implement a simple application -- only your application is going to be more complex. You wouldn't use the sockets any differently in your complex application.

          To find a tutorial about how to use sockets, your web search keywords are "java socket tutorial". Choose the Oracle tutorial from the list which you get from your search engine.

          As for RMI: it's implemented using sockets, as is any Java application which communicates across a network. Whether it has any security issues -- I'm no security expert, but no doubt you can use a packet sniffer to see what it's sending. And since it sends serialized Java objects, it might be possible to reverse-engineer the packet sniffer's output to inspect the contents of those objects. Whether that counts as "super secure" is up to you when you clarify the term's definition.
            Of course RMI can be made super secure by using secure sockets. I have never done it, but I understand that a regular contributor to these forums, Esmond J Pitt (EJP), is somewhat of an expert on this and has written a book on RMI.
              RMI can be made 'secure' by using SSL socket factories. I wouldn't describe it as 'super secure', because it has several major security limitations. You have no way of performing an authorization step in your application, as you have no access to the peer certificate or peer identity. You have no opportunity to establish a trust relationship about the code you are downloading in the form of stubs, or classes supplied via the codebase feature: for example, the client has no reason to trust the SSL socket factory itself, which comes from the server. If you want Activation there is no such thing as a secure Activation daemon. And so on. Whether what remains, which is just privacy, integrity, and authentication, is adequate for the OP is up to him.
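What the SSL socket factory approach described in the reply above looks like in code, as an added example that is not from the thread or its participants. The `Greeter` interface, the binding name `greeter` and port 1099 are assumptions for illustration; key and trust stores are expected through the standard `javax.net.ssl.*` system properties.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SecureRmiServer {
    // Hypothetical remote interface, used only for this illustration.
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) {
            // The limitation raised in the reply above applies here: the remote
            // method is not handed the peer certificate or peer identity, so it
            // cannot make a per-caller authorization decision from the TLS session.
            return "Hello, " + name;
        }
    }

    // Static references so the exported object and registry are not garbage collected.
    private static GreeterImpl impl;
    private static Registry registry;

    public static void main(String[] args) throws Exception {
        // Key and trust material is read from the standard JSSE system properties:
        //   -Djavax.net.ssl.keyStore=<path>   -Djavax.net.ssl.keyStorePassword=<password>
        //   -Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<password>
        // The paths and passwords are placeholders to be supplied at launch.
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = JSSE default cipher suites and protocols;
        // true = the server requires a client certificate (mutual TLS).
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        impl = new GreeterImpl();
        Greeter stub = (Greeter) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);

        // Put the registry behind the same factories so lookups are not sent in clear text.
        registry = LocateRegistry.createRegistry(1099, csf, ssf);
        registry.rebind("greeter", stub);
        System.out.println("Greeter exported over TLS; registry on port 1099");
    }
}
```

A client looks the registry up with `LocateRegistry.getRegistry(host, 1099, new SslRMIClientSocketFactory())` and needs its own key store, because this server requires a client certificate.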
                928682 wrote:
                Cause I want the application to be super secure.
                Technology is only part of a security solution. A company must create security policies, implement processes and review to ensure that they are followed. Coding applications in a way that makes them secure is only part of that. And it is seldom enough on the technology side to address only a programming language. For example, another common technology is some sort of database, and that too must be secured.
                  I went all out to do research on how to use sockets, HTTP and the SSL extension. I am now good at using sockets and HTTP. I am presently learning about SSL and its certificate issues. For the project I intend using SSL sockets to create it, to be sure of maximum security.