April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
The remote client could call this method on the server, and pass its own
String object as the name. RMI uses object serialization to send the actual object
through the network and to the server machine, where the method will be exe-
cuted. This can lead to holes in the security unless the policy for the RMI Security
Manager is implemented properly. For example, the object that is passed as an
argument could contain malicious code.
For example, imagine a server using RMI with a method such as
setInventory(item) as in Figure 7.14. Let’s say item belongs to the class Product. Let’s
also say there is a method used by the server in Product called getPr