Sandboxing and security

Open mikehearn opened this issue 9 years ago • 1 comments

Running Mobility-RPC isn't safe anywhere except a tightly controlled network, because it will literally let anyone send you arbitrary code to execute, without any authentication or security at all. Thus anyone who can connect to your machine owns it.

It'd be useful to extend Mobility to support SSL for connections and support setting a ProtectionDomain on the SessionClassLoader.

mikehearn avatar Feb 27 '16 13:02 mikehearn
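The ProtectionDomain half of the suggestion above can be sketched as follows. This is an added example, not Mobility-RPC code: `RestrictedLoader`, `defineUntrusted` and `Payload` are hypothetical names, and the "remote" bytecode is a constructed stand-in read from the local classpath.

```java
import java.io.FilePermission;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class RestrictedLoaderDemo {

    /** Constructed stand-in for a class whose bytes arrived over the network. */
    public static class Payload implements Runnable {
        public void run() { System.out.println("payload ran"); }
    }

    /** Hypothetical loader: every class it defines gets a domain with no permissions. */
    static final class RestrictedLoader extends ClassLoader {
        // The two-argument constructor creates a static domain: only the (empty)
        // collection passed here is consulted, never the installed Policy.
        private static final ProtectionDomain SANDBOX = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), new Permissions());

        RestrictedLoader(ClassLoader parent) { super(parent); }

        Class<?> defineUntrusted(String name, byte[] bytecode) {
            return defineClass(name, bytecode, 0, bytecode.length, SANDBOX);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytecode;
        try (InputStream in = RestrictedLoaderDemo.class
                .getResourceAsStream("RestrictedLoaderDemo$Payload.class")) {
            bytecode = in.readAllBytes();
        }
        Class<?> remote = new RestrictedLoader(RestrictedLoaderDemo.class.getClassLoader())
                .defineUntrusted(Payload.class.getName(), bytecode);

        // Same bytes, different defining loader, different protection domain.
        ProtectionDomain sandboxed = remote.getProtectionDomain();
        FilePermission read = new FilePermission("/etc/passwd", "read");
        System.out.println("distinct from local class: " + (remote != Payload.class));
        System.out.println("static permissions only:   " + sandboxed.staticPermissionsOnly());
        System.out.println("domain grants file read:   " + sandboxed.implies(read));

        // The class still loads and runs; the domain only limits what permission
        // checks will allow once something is enforcing them.
        ((Runnable) remote.getDeclaredConstructor().newInstance()).run();
    }
}
```

The domain's permissions are only enforced while a SecurityManager is installed, and that mechanism has been deprecated for removal since Java 17 (JEP 411), so on current JDKs this tagging alone does not contain the loaded code. It also does nothing to authenticate who sent the bytes, which is the separate SSL half of the request.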

This is totally true. It is not recommended to run Mobility-RPC over the public internet, that's for sure!

Issue #5 actually deals with a similar question (although it's a different aspect).

I don't think I'll have time to implement this feature personally, as I don't have a need to run Mobility-RPC on untrusted networks at the moment.

However, if you'd like this feature to be added, and you can submit a pull request to do so, I would definitely be happy to merge a feature like this!

npgall avatar Feb 29 '16 23:02 npgall