Esmond Pitt wrote:
Is RMI a good choice? My remote interface only exposes
hardened methods, so if clients can only call those methods, things
are safe enough.
There's no way for them to call anything else via RMI. They could try at
the TCP/IP level, but they'd have to implement both the RMI *and* the
Serialization protocols themselves
They could save themselves a little effort by using Java for their nefarious
intrusion attempts.
Another thing that I'd be concerned about (that's to say, something that I'd
want to look into before deciding /whether/ it was a serious issue) would be
the possibility of DoS attacks on the game server. While it might be difficult
to send non-garbage data to the server; garbage, or semi-garbage, is sometimes
sufficient if all you want to do is disrupt service. E.g. if a malicious
client opens 1000s of TCP connections then doesn't send anything over them, or
opens connections and sends megabytes of garbage, or repeatedly resends
near-valid byte sequences obtained by sniffing a previous session. I repeat
that I'm not saying that RMI (or any particular RMI implementation) /is/
susceptible to that kind of attack, but only that it's something I'd want to
explore.
-- chris
This also doesn't seem localized to RMI. It might be easier to detect