Hi I have client /server application socket (network messaging system ) without
ID: 3826338 • Letter: H
Question
Hi
I have client /server application socket (network messaging system ) without any security features, I made my app with java, now my task how to make this app secure with following functions:
· Verify users when they log into the system to ensure they are who they say they are
· Encrypt all communication between client and server
· Allow users to send and receive messages between each other with the knowledge that all messages are authentic and can only be seen by the intended recipient
· Allow users to know when messages they have sent have been read (to help ensure non-repudiation)
any advice? Thanks
Explanation / Answer
Idea 1:
1)You can add security by including following code :
Originally code:
final SocketFactory factory = SocketFactory.getDefault();
final Socket socket = factory.createSocket(host, port);
You simply change the factory and use SSL socket factory:
Also import these statement. Java has a security package which implements security for transaction between client and server
import java.security.*;
final SocketFactory factory = SSLSocketFactory.getDefault();
final Socket socket = factory.createSocket(host, port);
The same can be applied to ServerSocketFactory.
Idea 2:
You can use crptographic techniwues like AES to encrypt the data and decrypt the data in a communication.