Menu
I have a Java server that opens up a socket using ServerSocket (using Thrift with it). This server has a client on the local machine in Obj-c that communicates with the Java server. Everything happens on localhost. Right now the java server is visible on the network as well, I would like the java server to only be accessible on localhost. Otherwise it is a potential security vulnerability and it freaks users out when their firewall warns them.
I tried creating the server socket using an InetSocketAddress('localhost', 9090) but that seems to have no effect. How can I limit this thing to localhost?
674
Java provides three different types of sockets. Connection-oriented (TCP) sockets are implemented with the Socket class. Connectionless (UDP) sockets use the Datagramsocket class. A third type is the Multicastsocket class, which is a subclass of the DatagramSocket class.
The getLocalHost() method of Java InetAddress class returns the instance of InetAddress containing local host name and address. In this, firstly the host name is retrieved from the system, then that name is resolved into InetAddress.
Let me chime in with an alternative solution which only accepts on loopback device. All the other "localhost" solutions will make Java pick an interface.
new ServerSocket(9090, 0, InetAddress.getLoopbackAddress()); This is available since Java 7, and does not even throw UnknownHostException
43
Taken from another question:
new ServerSocket(9090, 0, InetAddress.getByName(null)); InetAddress.getByName(null) points to the loopback address (127.0.0.1)
And here's the Javadoc where it says that
63
Try
new ServerSocket(9090, 0, InetAddress.getByName("localhost"))
The last parameter to the constructor specifies which address to bind the listening socket to.
42
new ServerSocket(9090, 0, InetAddress.getByName(null));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
