0

我已经建立了一个聊天应用程序,我正在使用PrintWriterScanner读写流。例如:

Socket socket = new Socket(HOST, PORT);
Scanner IN = new Scanner(socket.getInputStream());
PrintWriter OUT = new PrintWriter(socket.getOutputStream());
String MESSAGE = "";

while(true){
 if(IN.hasNext()){
    MESSAGE = IN.nextLine();
    OUT.println("RESPONSE: " + MESSAGE);
    OUT.flush();
 }
}

我正在考虑如果有人连接到我的服务器(ServerSocket),他可以读取我写入流的所有数据。如果他写入流,那将是最坏的情况。

我在考虑加密。所有数据都将被加密,“接收器”将解密数据流。此外,我必须在将写入流的加密字符串的开头或结尾使用安全密钥。如果安全密钥有效,则允许接收方读取该字符串。

这是一个好的解决方案吗?这足够安全吗?使用 PrinterWriter 和 Scanner 读取/写入流是否足够好?InputStreamReader 和 BufferedStream 呢?

4

1 回答 1

0

I would advice you not create the socket server from scratch as you are attempting. Use Netty (or even Apache mina) to do this. Netty has built-in support for SSL and you can setup client-side certificates. If you are unwilling to take on the extra work of SSL, then you can implement IP based restrictions or add a simple password into your protocol coupled with SSL.

For more information: http://netty.io

于 2013-01-18T16:54:10.057 回答