This content has been marked as final. Show 5 replies
Well, you would use sockets to implement a complex application just as you would to implement a simple application -- only your application is going to be more complex. You wouldn't use the sockets any differently in your complex application.
To find a tutorial about how to use sockets, your web search keywords are "java socket tutorial". Choose the Oracle tutorial from the list which you get from your search engine.
As for RMI: it's implemented using sockets, as is any Java application which communicates across a network. Whether it has any security issues -- I'm no security expert, but no doubt you can use a packet sniffer to see what it's sending. And since it sends serialized Java objects, it might be possible to reverse-engineer the packet sniffer's output to inspect the contents of those objects. Whether that counts as "super secure" is up to you when you clarify the term's definition.
Of course RMI can be made super secure by using secure sockets. I have never done it but I understand that regular contributor to these forms Esmond J Pitt ( EJP ) is somewhat of an expert on this and has written a book on RMI.
RMI can be made 'secure' by using SSL socket factories. I wouldn't describe it as 'super secure', because it has several major* security limitations. You have no way of performing an authorization step in your application, as you have no access to the peer certificate or peer identity. You have no opportunity to establish a trust relationship about the code you are downloading in the form of stubs, or classes supplied via the codebase feature: for example, the client has no reason to trust the SSL socket factory itself, which comes from the server. If you want Activation there is no such thing as a secure Activation daemon. And so on. Whether what remains, which is just privacy, integrity, and authentication, is adequate for the OP is up to him.
928682 wrote:Technology is only part of a security solution. A company must create security policies, implement processes and review to insure that they are followed. Coding applications in a way that makes them secure is only part of that. And it is seldom enough on the technology side to address only a programming language. For example another common technology is some sort of database, and that too must be secured.
Cause i want the application to be super secure.
I went all out to do research on how to use socket, http and ssl extension. I am now good at using socket and http. I am presently learning on ssl and it certificate issues. for the project i intend using SSL socket to create it to be sure of maximum security.