Re: Limiting RMI to localhost
- From: Tom Anderson <twic@xxxxxxxxxxxxxxx>
- Date: Mon, 30 Jun 2008 18:49:01 +0100
On Mon, 30 Jun 2008, Ronny Schuetz wrote:
I'm writing a big application that I divide into 2 processes (server and interface) with RMI to communicate between them. I would like to limit the access to the server only from the interface process and also only from the local machine. Is there a way to limit RMI to localhost only?
I cannot block all sockets outside the machine since I use them in the
server process.
Can't you setup to RMI server socket to explicitly listen on localhost:<your port>? This way it shouldn't be accessible from outside.
A server socket bound to localhost will be able to receive connections from outside. Unless you mean that <your port> would also be firewalled? That should work.
How about using the version of UnicastRemoteObject.exportObject that takes a pair of socket factories? The important one would be the RMIServerSocketFactory; you could use that to make a special subclass of ServerSocket that overrides accept() to check the client's address. Something like:
public Socket accept() throws IOException {
while (true) {
Socket sock = super.accept() ;
if (sock.getRemoteAddress().equals(sock.getLocalAddress())) {
return sock ;
} else {
// might want to log the attempted connection
try {
sock.close() ;
} catch (IOException e) {
// might want to log this too
}
}
}
}
I'm not absolutely sure that this will always work; if you bind the server socket to localhost, but open connections to yourself via an explicit name, the addreses might not match. I don't really know how to deal with that - what's a good general way of asking if an InetAddress refers to an interface on the local machine? Perhaps you should just make the rule even stricter, and say that only connections via the loopback interface will be accepted; this avoids the problem.
The RMIClientSocketFactory would just open sockets in the normal way. It wouldn't do the clever stuff that RMI's default socket factory does - falling back to HTTP and so on. It could even do the remote-vs-local address checking itself, and abort any attempts to connect to remote machines. This obviously wouldn't be enough to guarantee security, as a malicious attacker could just not use this factory.
Another really cool thing to do would be to write a pair of client and server socket factories that used unix domain sockets (AF_UNIX), rather than TCP/IP sockets (AF_INET). These are local-only by definition, and ought to be faster (but probably aren't). They would only work on unix, though. And there isn't AF_UNIX support in the standard java libraries.
You might also be able to do something by using RMI-IIOP and using the controls your ORB provides.
tom
--
It's odd to discover your quips in other people's .sig files. --
Benjamin Rosenbaum
.
- Follow-Ups:
- Re: Limiting RMI to localhost
- From: Gordon Beaton
- Re: Limiting RMI to localhost
- From: haimcn
- Re: Limiting RMI to localhost
- References:
- Limiting RMI to localhost
- From: haimcn
- Re: Limiting RMI to localhost
- From: Ronny Schuetz
- Limiting RMI to localhost
- Prev by Date: Re: interview question on database update
- Next by Date: Re: java tutorial available for download
- Previous by thread: Re: Limiting RMI to localhost
- Next by thread: Re: Limiting RMI to localhost
- Index(es):
Relevant Pages
|
