
If I use Java sockets/netty, can someone else masquerade as my server and vice versa?

I am using netty for a simple project of mine, where I need to send messages from client to server and from server to client.

After a connection is established between client and server, is it possible for a third party to send data to the same client port as if the message came from my server? And can someone pretend to be a client that was connected earlier by sending data to the specific port on my server? Or does being 'connected' mean that the server and client will know that the data is from the entity that it initiated the connection with?

If it matters I'm using NioSocketChannel in netty.

To elaborate, I'm not using an encrypted channel (SSL/TLS) yet. I just want to know I am talking with the same entity that initiated the connection. I don't need to know it's the same entity I initiated the connection with the previous time (which I guess could be achieved with username/password).

At the network level, you will be using an unsecured TCP/IP stream which can be intercepted, spoofed and so on. If you want end-to-end security, and assurance that your client is talking to the real server (and vice versa), you need to use SSL, or (better) TLSv1 or TLSv2.
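A minimal Netty setup for the TLS approach recommended in the answer above, as an added example that is not part of the original post. It assumes Netty 4.1 on JDK 11+ with PEM-encoded certificate and key files; the class name `TlsPipelines` and its parameters are hypothetical.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import java.io.File;

// Hypothetical helper class (assumption, not from the original page).
public final class TlsPipelines {
    // Server: presents a certificate so the client can verify who it reached.
    // To authenticate clients as well, the builder also accepts
    // .trustManager(clientCa).clientAuth(ClientAuth.REQUIRE).
    public static ChannelInitializer<SocketChannel> server(File certChain, File privateKey)
            throws SSLException {
        SslContext ctx = SslContextBuilder.forServer(certChain, privateKey)
                .protocols("TLSv1.3", "TLSv1.2") // refuse older protocol versions
                .build();
        return new ChannelInitializer<SocketChannel>() {
            @Override
            protected void initChannel(SocketChannel ch) {
                // TLS handler goes first; application handlers are added after it.
                ch.pipeline().addLast("tls", ctx.newHandler(ch.alloc()));
            }
        };
    }

    // Client: trusts only the given CA and checks the certificate against the host name.
    public static ChannelInitializer<SocketChannel> client(File trustedCa, String host, int port)
            throws SSLException {
        SslContext ctx = SslContextBuilder.forClient()
                .trustManager(trustedCa)
                .protocols("TLSv1.3", "TLSv1.2")
                .build();
        return new ChannelInitializer<SocketChannel>() {
            @Override
            protected void initChannel(SocketChannel ch) {
                SslHandler tls = ctx.newHandler(ch.alloc(), host, port);
                SSLEngine engine = tls.engine();
                SSLParameters params = engine.getSSLParameters();
                // Set explicitly: without endpoint identification, any certificate
                // signed by the trusted CA would be accepted for any host.
                params.setEndpointIdentificationAlgorithm("HTTPS");
                engine.setSSLParameters(params);
                ch.pipeline().addLast("tls", tls);
            }
        };
    }
}
```

Pass the returned initializers to `ServerBootstrap.childHandler(...)` and `Bootstrap.handler(...)` respectively.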
