This topic has been archived. It cannot be replied.
  • Jabber, and other Java Gurus please give some suggestion
    Hi, I am designing a project with a C/S architecture using RMI. I need to consider secure communication and authentication between client and server. I do not know much about RMI security. I want to know if there is some security mechanism I can directly depend on, or one that needs only a little application-level programming?

    Thanks
    • My previous experience with Sybase and applet
      I don't know how to answer your question, but I can share my similar experience with you.

      2 years ago I was working on a Java applet project; the database was Sybase. As Java bytecode is not pure compiled code, it's unsafe to put the userid and password of the database in the Java code. But with JDBC you have to.

      The final solution was that I set privilege protection on the database with a carefully designed mechanism. I used table privileges and stored procedures.

      In that case, even if someone gets the userid and password, he still cannot access the protected data in the database.
      • thanks, sailor, your experience is valuable to my project...
        Thanks, sailor, your experience is valuable to my project. I want to know more detail about table privileges and stored procedures. Is it product specific or a general solution? We would not want to bind our project to a certain database product.
        • About privilege control of database.
          For database systems from big vendors like Sybase, you can set security privileges for tables, records, and columns. You can set any of them as read-only, not accessible, etc.

          You may also set privilege for stored procedures.

          With the combination of all these security methods, you may define a security mechanism to protect your data and system. If you haven't touched this topic before, I suggest you study the manual of the database product.

          Hope it's helpful.
          • thank you, Sailor
    • If your project is not connected to Internet, RMI is good enough.
      If your project is connected to the Internet, go on with RMI. At the final stage, use SSL to encrypt your communication. As for authentication, it is not a problem that can be solved by using some protocol. If your business is extremely important, have your boss negotiate with Verisign or the like to get certificates. Authentication based on certificates is the most serious way to authenticate the partners in communications.
      • Need I use a socket factory when using SSL, Jabber? Could you explain more about it? At the same time, I will try to learn more about RMI security.
        • It depends upon what server you use
          If you use Apache, you just need to do some configuration work. http and https listen at different numbers. If you use other servers, I don't have an idea how to implement SSL.
          Anyway, it is not difficult to apply ssl. But SSL can encrypt your communications only.
          • Thank you, Jabber