Hi,

I have a Java server that opens up a socket using ServerSocket (using Thrift with it). This server has a client on the local machine in Obj-C that communicates with the Java server. Everything happens on localhost. Right now the Java server is visible on the network as well; I would like the Java server to only be accessible on localhost. Otherwise it is a potential security vulnerability and it freaks users out when their firewall warns them.

I tried creating the server socket using an InetSocketAddress("localhost", 9090) but that seems to have no effect. How can I limit this thing to localhost?

A: 

You can't have a "Unix domain socket"-like thing with Java because Java was designed to be cross-platform. However, that's the case without a third party library. I haven't dealt with it myself, but you can take a look at this project and see if it's what you need.

And of course, you'll be able to use it on *nix systems only.

Good luck!

shinkou
-1 - he doesn't want a "Unix domain socket". He wants a socket on the loopback interface; i.e. on 127.0.0.1.
Stephen C
Yes, but that's the only way which guarantees the server only accepts local connections. i.e. "localhost" could be mapped to something else, depending on the network settings, although it is not very likely to be the case.
shinkou
+4  A: 

Try

new ServerSocket(9090, 0, InetAddress.getByName("localhost"))

The last parameter to the constructor specifies which address to bind the listening socket to.

Geoff Reedy
+1 - but bear in mind that some machines don't understand "localhost". So using the IP address 127.0.0.1 is probably more robust.
Stephen C
Is that really how that constructor works? I had posted that suggestion, but after rereading the description, thought that it sounds like that constructor just chooses only one network connection to accept connections on, instead of all of them (if the system has more than one network device).
Kaleb Brasee
@Stephen that could cause problems in the future with a host that is primarily IPv6 or even IPv6 only.
Geoff Reedy
@Kaleb yeah, in principle the localhost address is considered to be a separate network device, usually referred to as the loopback device.
Geoff Reedy
@Geoff - so either you are screwed because some (real windows) machine does not have a "localhost" entry, or because some (hypothetical) machine does not support IPv4.
Stephen C
-1 for believing "localhost" is always mapped to the local machine.
shinkou
+1  A: 

Check this other question and the given answers: How to determine an incoming connection is from local machine

Abel Morelos
+1  A: 

new ServerSocket(9090, 0, InetAddress.getByName("127.0.0.1"));

EJP
A: 

Taken from another question:

new ServerSocket(9090, 0, InetAddress.getByName(null));

InetAddress.getByName(null) points to the loopback address (127.0.0.1)

And here's the Javadoc where it says that

Matías
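
Added example, not part of any answer above: a self-contained Java program that binds with the three-argument ServerSocket constructor from the answers, refuses to bind if the host name does not resolve to a loopback address (the concern raised in the comments about "localhost" being mapped elsewhere), and then probes the machine's other addresses to confirm the port is not reachable through them. The class name, the helper names requireLoopback and reachable, and the use of port 0 for the demo are assumptions of this example.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Collections;

public class LoopbackOnlyServer {
    // Resolve a bind host and reject anything that is not a loopback address
    // (127.0.0.0/8 or ::1), so a remapped "localhost" fails loudly.
    static InetAddress requireLoopback(String host) throws IOException {
        InetAddress addr = InetAddress.getByName(host); // null also yields loopback
        if (!addr.isLoopbackAddress()) {
            throw new IOException(host + " resolved to non-loopback address " + addr);
        }
        return addr;
    }

    // Try a TCP connect; true means something is listening at target:port.
    static boolean reachable(InetAddress target, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(target, port), 500);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Port 0 picks a free port for the demo; the question uses 9090.
        try (ServerSocket server = new ServerSocket(0, 0, requireLoopback("localhost"))) {
            int port = server.getLocalPort();
            System.out.println("bound to " + server.getLocalSocketAddress());
            System.out.println("via loopback: " + reachable(server.getInetAddress(), port));
            // Every non-loopback address of this machine should refuse the connection.
            for (NetworkInterface nif : Collections.list(NetworkInterface.getNetworkInterfaces())) {
                for (InetAddress a : Collections.list(nif.getInetAddresses())) {
                    if (!a.isLoopbackAddress()) {
                        System.out.println("via " + a + ": " + reachable(a, port));
                    }
                }
            }
        }
    }
}
```

On Java 7 and later, InetAddress.getLoopbackAddress() returns a loopback address without any name lookup and can be passed as the bind address instead of resolving "localhost".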