1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Java Server/Client + Server Firewall Safety

Discussion in 'General Security' started by Valignus2010, Aug 27, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Valignus2010

    Valignus2010 Thread Starter

    Joined:
    Aug 27, 2010
    Messages:
    6
    Hi I'm working on a client/server with the Java programming language and trying to figure out how to protect my server. With my current Virus/Firewall protection suite theres nothing I can do to keep out unwanted Java applications on the port I choose to allow the Java SE Binary through for clients accessing the server application. ESET Smart Security 4 is what I am using. Does anybody know of a security suite that would allow only a specific Java application to get through the firewall? I'm not to sure on this subject because my firewall is identifying any Java application as only the "Java SE Binary" and not I'm sure if you can even really name your Java application like you would something you would write in C++. Any information would be appreciated, thank you.
     
  2. Sponsor

  3. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    8,058
    You could set the server to query the client for some sort of ID. And drop the session when the reply doesn't match.

    The best defence for internet based server applications is validation, validation and more validation of ALL user supplied data.
     
  4. Valignus2010

    Valignus2010 Thread Starter

    Joined:
    Aug 27, 2010
    Messages:
    6
    Yeah that will work for a program connecting to the java server application, but doesn't really secure the rest of the open port from another java application accessing the rest of my Java SE Binary does it?.

    My understanding is that when I create a rule on my ESET Smart Security Firewall, for the Java SE Binary, any Java program can access the Java Virtual Machine running on my system through that port and do anything that it wants, and Java allows.

    I do not think that I can make the server application catch all connections if they are not directed at the specific server application.
     
  5. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    8,058
    I think Java JVM itself does not react to anything on any port. Only your java program does, on a certain port that you choose. I don't think anything can touch the Java JVM directly through the port chosen for your server app.

    In other words, your server program is holding on to that open port, and all interactions with that port is defined in your server program. Any other Java program which tries to interact with that port Has to work through your server program.
     
  6. Valignus2010

    Valignus2010 Thread Starter

    Joined:
    Aug 27, 2010
    Messages:
    6
    If that is the case, then I'll be a lot better off when I add secure sockets. Thanks for the replies! :)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Java Server Client
  1. heymrdj
    Replies:
    0
    Views:
    205
  2. bobsteamer
    Replies:
    3
    Views:
    2,745
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/946098