A secure way to communicate between applications on the same machine

Question

A secure way to communicate between applications on the same machine

What is the safe method of communication between two applications on the same computer, both with Java and with C / C ++ - clients with a Java server.

Are SSL sockets safe, or can they be broken by man-in-the-middle attacks?

The main issue is how can clients trust the local server?

Deploying a remote server will improve local communication security and how can this be achieved?

+4

java c ++ security ssl

Radu May 11, '10 at 14:13

source share

5 answers

Pontus gagge · Answer 1 · 2010-05-11T14:20:58+0000

You need to develop your own threat model. This is a common truism that anyone with physical access to your equipment, motivation and enough time will be able to undermine something. This doubles if this attacker is an administrator on the server.

And yes, everything that is in your code is read with administrator access. You can try smart tricks, such as encrypting or obfuscating a password stored in binary / JAR files, but this is an obstacle, not an absolute barrier.

Again, on the other hand, there are no absolute barriers to privacy, just more or less effective barriers. Regardless of your measures, regardless of the strength of your encryption and key management, with enough time and incentives, something will give way. Which brings us back to my first point: what is your threat model (which attacks do you want to defend against); how much are your protected assets; and to whom and what do you trust?

bmargulies · Answer 2 · 2010-05-11T14:19:39+0000

Safe from what? If an attacker has a root, he can undermine system calls and spy on memory buffers before encryption and after decryption, and you can’t do anything, it’s safe.

If the attacker does not have root, they cannot see this information, even if you do not encrypt it.

Therefore, I do not see the point in this.

mdma · Answer 3 · 2010-05-11T14:19:56+0000

If your entire system, including its secrets, runs on the same machine, then it is inadvertently unsafe. A hacker can see all parts of the system and with sufficient effort can unravel any protection or encryption scheme that you created.

If the system should be 100% secure, part of the system should be remote and inaccessible to the hacker.

Chris dennett · Answer 4 · 2010-05-11T14:20:17+0000

I have to say that files with memory mappings or shared memory areas are the safest method, which Java and C ++ ( Win32 , Unix ) support interprocess communication. This is more complicated, although you have to deal with your own synchronization. Full bypass connectors.

Marnix A. van Ammers · Answer 5 · 2010-05-11T14:23:04+0000

The pipe should provide a secure (and easy) connection. Yes, hackers can get the password if it is stored in a binary file, and binary permissions allow you to read the file.

A secure way to communicate between applications on the same machine

More articles: