[英]Security risk in java server?
我在這里有2個簡單的代碼:
服務器:
package myserver;
import java.io.*;
import java.net.*;
class MyServer {
public static void main(String argv[]) throws Exception {
String clientSentence;
String capitalizedSentence;
ServerSocket welcomeSocket = new ServerSocket(6789);
while (true) {
Socket connectionSocket = welcomeSocket.accept();
BufferedReader inFromClient = new BufferedReader(new InputStreamReader(connectionSocket.getInputStream()));
DataOutputStream outToClient = new DataOutputStream(connectionSocket.getOutputStream());
clientSentence = inFromClient.readLine();
System.out.println("Received: " + clientSentence);
capitalizedSentence = clientSentence.toUpperCase() + '\n';
outToClient.writeBytes(capitalizedSentence);
}
}
}
客戶:
package myclient;
import java.lang.*;
import java.io.*;
import java.net.*;
import java.util.Scanner;
class MyClient {
public static void main(String argv[]) throws Exception {
String sentence;
String modifiedSentence;
BufferedReader inFromUser = new BufferedReader(new InputStreamReader(System.in));
Socket clientSocket = new Socket("localhost", 6789);
DataOutputStream outToServer = new DataOutputStream(clientSocket.getOutputStream());
BufferedReader inFromServer = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
sentence = inFromUser.readLine();
outToServer.writeBytes(sentence + '\n');
modifiedSentence = inFromServer.readLine();
System.out.println("FROM SERVER: " + modifiedSentence);
clientSocket.close();
}
}
現在...。如果我向公眾開放此服務器,通過發送修改后的程序包並進入系統會不會有安全隱患? (服務器使用的是Linux發行版。)還是只能發送簡單的字符串?
這段代碼只會讀取一個字節序列並將其打印出來(並發送響應)。 據我所知,這完全沒有風險。
有人通過發送沒有換行符的大量數據可能使Java進程崩潰。 根據您為JVM提供的內存量,這可能會影響運行該程序的服務器。
將表示文件的字節數組轉換為Java中的字符串是否存在安全風險?
[英]Is converting a byte array representing a file to a String in java a security risk?
Java發現了可能構成安全風險的應用程序組件
[英]Java has discovered application components that could pose a security risk
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.