1. Re: How secure is RMI?
kenneth Aug 21, 2002 2:18 PM (in response to anlei)
Personally, I've always preferred to keep my RMI access behind a firewall; where necessary I would expose a web-service API to untrusted clients instead of RMI. I would be concerned with efficiency if encrypting all my RMI traffic. But I can imagine situations you would want to do this.
To secure RMI you need to run it over SSL. A good description of how to do this is given in the "JBoss Administration and Development", for JBoss 2.4.x. Hopefully the JBoss guys will forgive me for copying a snippet here to set you on the right track:
"The JBossSX framework includes implementations of
the java.rmi.server.RMIServerSocketFactory and java.rmi.server.RMIClientSocketFactory
interfaces that enable the use of RMI over SSL encrypted sockets. The implementation
classes are org.jboss.security.ssl.RMISSLServerSocketFactory and
org.jboss.security.ssl.RMISSLClientSocketFactory respectively."
I suggest you buy the book, and check out Chapter 8.
Hope this helps.
Kenneth
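
The socket-factory approach described in the post above, as an added example that is not part of the original post and is not JBoss code: it uses the JDK's own `javax.rmi.ssl` factories (available since Java 5) in place of the JBossSX classes quoted above. The `Echo` interface, the port, the binding name and the protocol list are assumptions made for illustration; key material is expected via the standard `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` system properties.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SslRmiServer {
    // Hypothetical remote interface, used only for this illustration.
    public interface Echo extends Remote {
        String echo(String msg) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        public String echo(String msg) { return msg; }
    }

    // Strong references so the registry and the exported object are not collected.
    private static Registry registry;
    private static Echo impl;

    public static void main(String[] args) throws Exception {
        int port = 1099; // assumed port

        // The client factory is serialized into every stub, so callers
        // connect over TLS without extra code on their side.
        RMIClientSocketFactory csf = new SslRMIClientSocketFactory();

        // null cipher suites = JSSE defaults; protocols restricted (JDK 11+ assumed);
        // true = require a client certificate, so unauthenticated peers
        // fail the handshake before any RMI call is dispatched.
        RMIServerSocketFactory ssf = new SslRMIServerSocketFactory(
                null, new String[] {"TLSv1.3", "TLSv1.2"}, true);

        // Put the registry itself behind TLS as well; otherwise lookups
        // and bindings would still travel in clear text.
        registry = LocateRegistry.createRegistry(port, csf, ssf);

        impl = new EchoImpl();
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);
        registry.rebind("Echo", stub);
        System.out.println("Echo bound over TLS on port " + port);
        // A client reaches the registry with:
        // LocateRegistry.getRegistry(host, port, new SslRMIClientSocketFactory())
    }
}
```

With client authentication enabled, the server needs a trust store containing the client certificates and each client needs its own key store, in addition to the server key store and client trust store.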
2. Re: How secure is RMI?
anlei Aug 22, 2002 9:51 AM (in response to anlei)
Hi,
thanks a lot for your very helpful answer!
We are still evaluating JBoss, but have already purchased the Administration & Development + CMP. I even skimmed both. The CMP docs are very very good. It's just that the Ad&Dev docs are a bit hard to swallow for me right now, because my EJB/J2EE knowledge is still in its very infancy - to say the least (;
Andreas