What is the safest communication method between two applications on the same machine, both Java and C/C++ clients with a Java server.
Are SSL sockets safe enough or they can be broken by "man in the mi开发者_C百科ddle" attacks?
The main concern here is how the clients can trust the local server?
Would introducing a remote server improve the security of the local communication and how can this be achieved?
You need to elaborate your threat model. It's a general truism that anyone with physical access to your hardware, motivation and sufficient time will be able to subvert anything. This goes double if that attacker happens to be an admin on the server.
And yes, anything that is in your code is readable with admin access. You can try clever tricks like encrypting or obfuscating a password stored in binaries/JAR files, but this is a hindrance, not an absolute barrier.
Again, on the other side, there are no absolute barriers for confidentiality, merely more or less efficient obstructions. Whatever your measure, whatever the strength of your encryption and key management, with enough time and incentives, anything will yield. Which returns us to my first point: what is your threat model (what attacks do you wish to protect against); how much are your protected assets worth; and whom and what do you trust?
Safe from what? If an attacker has root, they can subvert system calls and spy on memory buffers before encryption and after decryption, and nothing you can do is safe.
If an attacker does not have root, they can't see this information even if you don't encrypt it.
So I don't see a point to this.
If your entire system, including it's secrets are running on the same machine, then unforutnately it is intrinsicly unsafe. A hacker can see all parts of the system, and with enough effort, can unravel any protection, or encryption scheme you put in place.
If the system must be 100% secure then part of the system needs to be remote, and so unavailable to a hacker to comprimise.
I'd have to say that memory-mapped files or shared memory regions are the safest method, which both Java and C++ (Win32, Unix) support for interprocess communication. It's more complex though as you have to deal with your own synchronisation. Bypass sockets completely.
A pipe should provide safe (and easy) communication. Yes, hackers would be able to retrieve a password if it is stored in a binary and the binary's permissions allow reading the file.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论