Is communication between clients and servers in java rmi secure (i.e. encrypted by default)?
+3
A:
Encoded, yes. Encrypted, no.
JERI for JINI gives JRMP (the RMI protocol) over SSL, IIRC.
JSR #76 would have provided RMI Security, however it was controversially voted down.
Tom Hawtin - tackline
2010-02-22 22:38:18
+1 You just blew the minds of those who that that the two words meant the same thing.
Mark Byers
2010-02-22 22:39:50
Given most computer security it would seem that a lot of programmers consider those word synonyms. ;) Or rather ;(
Tom Hawtin - tackline
2010-02-22 22:46:14
+2
A:
I think you mean "encrypted" not "encoded". The answer is no. If you're using RMI in a non-trusted environment I would suggest something like RMI over SSH tunneling.
cletus
2010-02-22 22:38:55
+1
A:
By secure I guess you mean encrypted. Not by default with RMI. You can use custom socket factories to encrypt RMI comms.
Brabster
2010-02-22 22:39:58
+2
A:
In short, no.
http://java.sun.com/j2se/1.4.2/docs/guide/rmi/faq.html#encryption
In essence, the network channel has to be encrypted if you need things to be secure.
hythlodayr
2010-02-22 22:40:12