Java: how to make application secure from JVM and HTTP monitor running externally on same machine?

StackOverflow https://stackoverflow.com/questions/7961238

  •  18-02-2021

Question

Is there any way to hide the HTTP requests a Java application makes from Wireshark or any other traffic monitoring processes on the machine?

Is it possible to hide certain string data from being exposed via a JVM monitor?


Solution

Is there any way to hide the HTTP requests a Java application makes from Wireshark or any other traffic monitoring processes on the machine?

It depends. You can protect against simple packet sniffing by using SSL etc. to secure the network connection; i.e. use HTTPS. However, if someone/something has maximum privileges on a typical machine, they can (in theory) get around any scheme you attempt to erect. For instance, they could get into the JVM and figure out what keys are being used to encrypt the SSL traffic.

Hiding the existence or the destination of the HTTP requests is impossible.

Is it possible to hide certain string data from being exposed via a JVM monitor?

If someone can attach a Java debugger to your JVM, then they can (in theory) see any data that it contains and observe anything that it does. There's nothing you can do about that.


Reading between the lines, it seems like you are trying to implement some kind of secure communication channel between your server and a copy of your software running on a machine / platform that you can't trust. Put simply, this is theoretically impossible. You are better off looking for a scheme where it doesn't matter if someone can see the network traffic. (It is hard to advise without knowing what it is you are trying to do.)

OTHER TIPS

If you use HTTPS instead of HTTP, it cannot be eavesdropped.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow