Login/Register
How to create Java socket that is localhost only?
Asked Answered
javanetworkingsockets
A

4

38

I have a Java server that opens up a socket using ServerSocket (using Thrift with it). This server has a client on the local machine in Obj-c that communicates with the Java server. Everything happens on localhost. Right now the java server is visible on the network as well, I would like the java server to only be accessible on localhost. Otherwise it is a potential security vulnerability and it freaks users out when their firewall warns them.

I tried creating the server socket using an InetSocketAddress('localhost', 9090) but that seems to have no effect. How can I limit this thing to localhost?

Aerator answered 5/2, 2010 at 4:35 Comment(3)
If the server's only accessible on localhost, how will the clients access it? I don't understand the setup.Intratelluric
Check this other question and the given answers: How to determine an incoming connection is from local machineGadid
@Kaleb - quoting the question: "This server has a client on the local machine ... Everything happens on localhost".Sixteenth
G
45

Taken from another question:

new ServerSocket(9090, 0, InetAddress.getByName(null));

InetAddress.getByName(null) points to the loopback address (127.0.0.1)

And here's the Javadoc where it says that

Gayegayel answered 8/6, 2010 at 4:33 Comment(3)
Tried on android, getByName(null) does not work (can't connect to socket opened this way no matter what). getByname("127.0.0.1") does work, works instantly and is IMHO more readable and 'portable'Teller
Just found this. Interesting. And now there's the method InetAddress.getLoopbackAddress()Eiland
I tried InetAddress.getLocalHost() but that did not work; no connections were accepted. .getByname("127.0.0.1") worked, though. Weird.Corves
H
30

Let me chime in with an alternative solution which only accepts on loopback device. All the other "localhost" solutions will make Java pick an interface.

new ServerSocket(9090, 0, InetAddress.getLoopbackAddress());

This is available since Java 7, and does not even throw UnknownHostException

Hardihood answered 6/8, 2015 at 7:35 Comment(0)
M
22

Try

new ServerSocket(9090, 0, InetAddress.getByName("localhost"))

The last parameter to the constructor specifies which address to bind the listening socket to.

Molybdenum answered 5/2, 2010 at 4:45 Comment(9)
+1 - but bear in mind that some machines don't understand "localhost". So using the IP address 127.0.0.1 is probably more robust.Sixteenth
Is that really how that constructor works? I had posted that suggestion, but after rereading the description, thought that it sounds like that constructor just chooses only one network connection to accept connections on, instead of all of them (if the system has more than one network device).Intratelluric
@Stephen that could cause problems in the future with a host that is primarily IPv6 or even IPv6 only.Molybdenum
@Kaleb yeah, in principle the localhost address is considered to be a separate network device, usually referred to as the loopback device.Molybdenum
@Geoff - so either you are screwed because some (real windows) machine does not have a "localhost" entry, or because some (hypothetical) machine is does not support IPv4.Sixteenth
-1 for believing "localhost" is always mapped to the local machine.Eglantine
@Eglantine It certainly should be, although there have been distributions of major operating systems where it wasn't. I would be downvoting those distributors rather than this answer.Raptor
Why not use InetAddress.getLocalHost()? docs.oracle.com/javase/1.4.2/docs/api/java/net/…Dermatoplasty
@1800INFORMATION No, InetAddress.getLocalHost() is not the same as the loopback address. Its the address of the "local host", not "localhost".Letendre
R
4
new ServerSocket(9090, 0, InetAddress.getByName(null));
Raptor answered 15/2, 2010 at 2:57 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.