Question
I am developing a secured file sharing project using Java RMI. The files' content has to be secured. The server will store the encrypted files and the client will be able to upload/download/list files (with password authentication). I am new to security and would appreciate any additional security measures I could implement/correct.
Right now I am thinking of using encryption on the files/passwords/metadata to transport them from the client to the server. Once they reach the server, I would store the encrypted files and would decrypt the passwords, so I could store the SHA256/SHA512 passwords on the database. (Does this make sense?)
Now, I have heard of SSL which encrypts the content of the packets sent and received (if I'm not wrong) and provides some kind of authentication.
Is it necessary to add SSL (or replace with SSL instead of what I idealized) in my case?
Thank you.
Explanation / Answer
Oh, god yes. First of all, SSL uses Diffie-Hellman, which means that attackers can't listen to clients negotiate encryption keys with the server (obviously, if they sniffed the key, it would kind of ruin the point of encrypting your communications at all). Second, it uses a CA system, which makes it very difficult for attackers to imitate the server to the client (thus securing your password when the client tries to authenticate). Both of these protocols are difficult to implement correctly, and I highly recommend letting professionals do it for you.
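One way to follow that advice in Java RMI is to export the remote object and the registry through the JDK's own TLS socket factories, shown here as an added example that is not part of the original answer. The `FileShare` interface, the binding name, the port and the sample file name are hypothetical, and the keystore and truststore paths are placeholders passed through the standard JSSE system properties (Java 11 or later assumed for TLSv1.3).

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class TlsRmiDemo {
    // Hypothetical remote interface for the file-sharing service.
    public interface FileShare extends Remote {
        String[] listFiles() throws RemoteException;
    }

    static class FileShareImpl implements FileShare {
        public String[] listFiles() { return new String[] {"report.enc"}; } // constructed sample
    }

    static final int PORT = 1099;            // assumed registry port
    static final String NAME = "FileShare";  // assumed binding name
    static FileShare impl;                   // strong reference keeps the exported object alive

    // Server: java -Djavax.net.ssl.keyStore=<keystore> -Djavax.net.ssl.keyStorePassword=<password> TlsRmiDemo server
    static void startServer() throws Exception {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null = default cipher suites; only modern protocol versions; false = no client certificates
        SslRMIServerSocketFactory ssf =
            new SslRMIServerSocketFactory(null, new String[] {"TLSv1.3", "TLSv1.2"}, false);
        impl = new FileShareImpl();
        // Both the remote object and the registry itself are reachable only over TLS.
        FileShare stub = (FileShare) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);
        Registry registry = LocateRegistry.createRegistry(PORT, csf, ssf);
        registry.rebind(NAME, stub);
    }

    // Client: java -Djavax.net.ssl.trustStore=<truststore> TlsRmiDemo client
    // The handshake fails unless the server certificate chains to the truststore.
    static String[] listRemoteFiles(String host) throws Exception {
        Registry registry = LocateRegistry.getRegistry(host, PORT, new SslRMIClientSocketFactory());
        return ((FileShare) registry.lookup(NAME)).listFiles();
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("server")) {
            startServer();
            System.out.println("serving over TLS on port " + PORT);
        } else {
            for (String f : listRemoteFiles("localhost")) System.out.println(f);
        }
    }
}
```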