Re: Limiting RMI to localhost
- From: haimcn@xxxxxxxxx
- Date: Mon, 30 Jun 2008 11:38:29 -0700 (PDT)
On Jun 30, 8:49 pm, Tom Anderson <t...@xxxxxxxxxxxxxxx> wrote:
On Mon, 30 Jun 2008, Ronny Schuetz wrote:
I'm writing a big application that I divide into 2 processes (server
and interface) with RMI to communicate between them. I would like to
limit the access to the server only from the interface process and also
only from the local machine. Is there a way to limit RMI to localhost
only?
I cannot block all sockets outside the machine since I use them in the
server process.
Can't you setup to RMI server socket to explicitly listen on
localhost:<your port>? This way it shouldn't be accessible from outside.
A server socket bound to localhost will be able to receive connections
from outside. Unless you mean that <your port> would also be firewalled?
That should work.
How about using the version of UnicastRemoteObject.exportObject that takes
a pair of socket factories? The important one would be the
RMIServerSocketFactory; you could use that to make a special subclass of
ServerSocket that overrides accept() to check the client's address.
Something like:
public Socket accept() throws IOException {
while (true) {
Socket sock = super.accept() ;
if (sock.getRemoteAddress().equals(sock.getLocalAddress())) {
return sock ;
} else {
// might want to log the attempted connection
try {
sock.close() ;
} catch (IOException e) {
// might want to log this too
}
}
}
}
I'm not absolutely sure that this will always work; if you bind the server
socket to localhost, but open connections to yourself via an explicit
name, the addreses might not match. I don't really know how to deal with
that - what's a good general way of asking if an InetAddress refers to an
interface on the local machine? Perhaps you should just make the rule even
stricter, and say that only connections via the loopback interface will be
accepted; this avoids the problem.
The RMIClientSocketFactory would just open sockets in the normal way. It
wouldn't do the clever stuff that RMI's default socket factory does -
falling back to HTTP and so on. It could even do the remote-vs-local
address checking itself, and abort any attempts to connect to remote
machines. This obviously wouldn't be enough to guarantee security, as a
malicious attacker could just not use this factory.
Another really cool thing to do would be to write a pair of client and
server socket factories that used unix domain sockets (AF_UNIX), rather
than TCP/IP sockets (AF_INET). These are local-only by definition, and
ought to be faster (but probably aren't). They would only work on unix,
though. And there isn't AF_UNIX support in the standard java libraries.
You might also be able to do something by using RMI-IIOP and using the
controls your ORB provides.
tom
--
It's odd to discover your quips in other people's .sig files. --
Benjamin Rosenbaum
Thanks!!
I'll try that and report if it worked.
.
- References:
- Limiting RMI to localhost
- From: haimcn
- Re: Limiting RMI to localhost
- From: Ronny Schuetz
- Re: Limiting RMI to localhost
- From: Tom Anderson
- Limiting RMI to localhost
- Prev by Date: Re: counts the number of hit on a website containing many JSPs
- Next by Date: Re: counts the number of hit on a website containing many JSPs
- Previous by thread: Re: Limiting RMI to localhost
- Next by thread: Re: Limiting RMI to localhost
- Index(es):
Relevant Pages
|
