Java RMI and security
Posted on 1998-07-02
I am writing a client/server application in Java with RMI as the communication method. Could you give me some ideas or references on implementing a secure connection between client/and server. At the minimum I need an authentication of the client logging in into the server, where the server has the password file (and I do not want to send a password accross the network). So how do you implement authentication in java?
And it is desirable to encrypt all the information exchanged between the client and the server. I understand that java.security package provides means to do that but I would like to do as little as possible at the application layer.
Since RMI makes the details of network communications invisible to the user one would think that encrypting and decrypting data should also be implemented in that network layer (similarly to how it is done in SSL where security is built into the protocol and is not maintaned on the application layer). So are there any RMI varieties which provide secure data exchange?