Preventing RMI server code modification
I'm writing a client-server solution which is using Java RMI (via the Cajo project).
I want to make the server as secure as possible. I understand that by using Java reflection, a malicious client would be able to view all method names and field names inside any given object which has either been bound in the RMI registry or "proxied" from the server (in Cajo, a proxied item is an object that actually resides on the server but the client can reference it). However, would a malicious client be able to view any program logic, or modify any code on the server? Or what about viewing the actual contents of the fields?
Please assume that physical access to the server is not allowed and the only network access to the server is via the Cajo TCP port (1198).
Thanks
RMI is based on proxy objects and serialisation.
Proxy objects: these only contain methods specified in an interface; all other methods and fields of the original Object do not exist within the proxy and can't be accessed via reflection. No attacks are possible since all methods are already public in the interface.
Serialised objects: these are one-to-one copies of the server-side values. All methods and fields can be accessed on the client, but changes to the client copy are not forwarded to the server since both copies are independent. An object with modified fields can still be used as an argument of an RMI method, so validate your input on the server.
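The "validate your input on the server" advice above, as an added example that is not part of the original answer or of Cajo: a by-value argument whose invariant is re-checked when the server deserialises it. The `Transfer` class, its 1..1000 range and the in-process byte array standing in for the RMI transport are assumptions made for illustration.

```java
import java.io.*;
import java.lang.reflect.Field;

public class ValidateRmiArgument {
    // Hypothetical value type that a client passes by value to a remote method.
    static class Transfer implements Serializable {
        private static final long serialVersionUID = 1L;
        private int amount;

        Transfer(int amount) { this.amount = amount; check(); }
        int amount() { return amount; }

        void check() {
            if (amount <= 0 || amount > 1000)
                throw new IllegalArgumentException("amount out of range: " + amount);
        }

        // Deserialisation bypasses the constructor, so the invariant is re-checked here.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            try { check(); } catch (IllegalArgumentException e) { throw new InvalidObjectException(e.getMessage()); }
        }
    }

    // Stand-in for the server side of the call: unmarshal, then use the argument.
    static String serverReceive(byte[] wire) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            Transfer t = (Transfer) in.readObject();
            return "accepted " + t.amount();
        } catch (InvalidObjectException e) {
            return "rejected: " + e.getMessage();
        }
    }

    static byte[] marshal(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Transfer honest = new Transfer(10);
        Transfer altered = new Transfer(10);            // constructed sample input
        Field f = Transfer.class.getDeclaredField("amount");
        f.setAccessible(true);
        f.setInt(altered, -5000);                       // client-side copy changed after construction
        System.out.println(serverReceive(marshal(honest)));
        System.out.println(serverReceive(marshal(altered)));
    }
}
```

The check lives in the server's copy of the class, so it runs regardless of what code the client used to build the object.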
I understand that by using Java reflection, a malicious client would be able to view all method names and field names inside any given object which has either been bound in the RMI registry or "proxied" from the server
Correct. However, what are those fields? Just an IP address:port and some magic numbers for the methods being proxied. Nothing to worry about there, there's nothing being exposed that the client can't already use by normal means.
However, would a malicious client be able to view any program logic, or modify any code on the server?
No. It doesn't have any access to the server other than via the proxy. It can't see the actual remote object implementations at all.
Or what about viewing the actual contents of the fields?
No, for the same reason.