Quote:
Originally Posted by BinarySurfer
I don't intend to keep track of anything and the strings aren't sensitive, it just allows connection with the proper password, and sends whatever other strings comes it way to the other clients.
|
If it has a password, and you don't want unauthorised people to access it, then you'll need some encryption. There's a number of Java libraries out there that provide good crypto, and quite a bit of functionality in the standard Java libraries. If you look around, you may even find a system that does most of the work for you - encrypting network data streams is a very common problem.
Quote:
Originally Posted by BinarySurfer
It was also brought to my attention that allowing the server through the firewall leaves my computer vulnerable through the port it uses because it's exposed/open. Is that true?
|
I don't know who you're talking to, but at best, we're only talking about
potential vulnerabilities. Opening a port and running a server off it doesn't magically make your system vulnerable. You need to first screw something up, and your program seems simple enough that this would be relatively difficult.
I'll give you an example of a potential vulnerability that a program could have, just so you have some idea of what makes a system vulnerable to attack. Let's say you've made a file server, which people can use to download files off you. You probably don't want to give them access to your
entire hard drive, so you limit them to a single directory, like so:
String filenameUserRequested = getFilenameFromUser();
String filenameOnDisk = "C:\\My Shared Folder\\" + filenameUserRequested;
At first glance, this may look okay. But what if someone requests a file called "..\\My Private Folder\\My_bank_account_password.txt". The ".." at the beginning will cause the operating system to skip up a folder, so:
C:\My Shared Folder\..\My Private Folder\My_bank_account_password.txt
Is the same as:
C:\My Private Folder\My_bank_account_password.txt
Oops! The user has escaped the shared folder, and is now loose on your filesystem. He can now read any file you have on your hard drive, which from a security point of view, is a disaster.
But there's nothing magical about how the attacker broke in. All the attacker can do is to try and trick your server with strange inputs. A key rule of computer security is to always check your user's data thoroughly. This may sound simple, but it's one of
the prime causes of computer vulnerabilities. Again, I should emphasis that hackers aren't magicians; they break into servers by capitalizing on your mistakes.
However, your system is simple, and you don't appear to need to let the users access files on the hard drives or anything like that. This vastly reduces the points at which a malicious user might gain entry. The more features a server has, the more points where mistakes can be made, and more points where vulnerabilities could potentially show. However, assuming you also use some encryption to guard your, it's safe to say that it shouldn't be too hard to make your server more-or-less utterly impregnable.