1

I am trying to copy a file from my computer to another one on my LAN. My requirement is that there should be some password protection when I run the program so that no one else can send a file even if they manage to run the program.

My server code:

FileInputStream fis = null;
BufferedInputStream bis = null;
OutputStream os = null;
ServerSocket servsock = null;
Socket sock = null;
servsock = new ServerSocket(SOCKET_PORT);
String FILE_TO_SEND = "D:/Hi.txt";

while (true) {
    System.out.println("Waiting...");
    sock = servsock.accept();
    System.out.println("Accepted connection : " + sock);
    File myFile = new File(FILE_TO_SEND);
    byte[] mybytearray = new byte[(int) myFile.length()];
    fis = new FileInputStream(myFile);
    bis = new BufferedInputStream(fis);
    bis.read(mybytearray, 0, mybytearray.length);
    os = sock.getOutputStream();
    System.out.println("Sending " + FILE_TO_SEND + "(" + mybytearray.length + " bytes)");
    os.write(mybytearray, 0, mybytearray.length);
    os.flush();
    System.out.println("Done.");
}

My client code:

int bytesRead;
int current = 0;
FileOutputStream fos = null;
BufferedOutputStream bos = null;
Socket sock = null;
String FILE_TO_RECEIVED = "C:/Hey.txt";
sock = new Socket(SERVER, SOCKET_PORT);
System.out.println("Connecting...");
byte[] mybytearray = new byte[10240];
InputStream is = sock.getInputStream();
fos = new FileOutputStream(FILE_TO_RECEIVED);
bos = new BufferedOutputStream(fos);
bytesRead = is.read(mybytearray, 0, mybytearray.length);
current = bytesRead;

do {
    bytesRead = is.read(mybytearray, current, (mybytearray.length - current));
    if (bytesRead >= 0) {
        current += bytesRead;
    }
} while (bytesRead > -1);

bos.write(mybytearray, 0, current);
bos.flush();
System.out.println("File " + FILE_TO_RECEIVED
        + " downloaded (" + current + " bytes read)");

This code runs properly and the file is copied without any glitch, and I can also send multiple files across. But I don't know how to make this password protected, so I could use some help here.

Pastasaurus Rex
  • 112
  • 1
  • 2
  • 9
  • You need to expand your server (and client) to include a challenge/response into its protocol (or switch to something that has one built in and not re-invent the wheel). – Michael Lloyd Lee mlk Dec 01 '15 at 14:10
  • So it can range from something as simple as matching a `String` on both sides to something as complex as answering a puzzle? – Pastasaurus Rex Dec 01 '15 at 14:12
  • 1
    There are numerous existing solutions to the problem of copying files securely from one machine another. You don't need to reinvent the wheel ... and potentially introduce a bunch of security vulnerabilities in the process. – Stephen C Dec 01 '15 at 14:13
  • Answering a "puzzle" would not be any more secure than doing a password (HASH!) match on the server side. However please don't ignore the whole "re-inventing the wheel" part of the comment. [SCP](http://stackoverflow.com/questions/199624/scp-via-java), [SAMBA](https://jcifs.samba.org/) and [WebDev](http://stackoverflow.com/questions/672678/java-webdav-client-side-library) all have Java clients. – Michael Lloyd Lee mlk Dec 01 '15 at 14:21
  • Whatever you use it will be a copycat of what technologies are trying to do. All the pain text you are sending does not give any security. Even if you have a username/password the whole thing will just look like a normal ftp. To try and make it properly you will have to think about SSL. Of course there many many solutions out there (sftp, ssh and so on ..) who tackle this problem. Either consider using one of them or include SSL to you application on both sides. Good luck. –  Dec 01 '15 at 19:58

0 Answers0