RMI objects in local memory?
843793Apr 18 2002 — edited Apr 21 2002Hello, I apologize for the cross-posting but I originally put this question in the general programming forum and realized this would be a more appropriate spot.
I'm writing a client/server application and trying to architect the security mechanisms. A remote machine hosts various data which I want client apps to access only via the server app, which is also running on the same remote machine.
I'm somewhat new to this, but I've been reading sun's docs and RMI seems to be the right solution. So, as I understand it, the server app creates java objects that contain private pointers to the remote data (and will in my case also contain some highly sensitive internal information), and expose public methods to access the data. The client requests such objects and manipulates the data via the exposed public methods.
My question is this: Does the client machine ever contain an actual copy of the requested remote object in its memory somewhere? That is, if somebody wanted to, could they do a local memory dump and reveal the private contents of the object? Or does the client only receive a handle to the remote object, not a full in-local-memory copy of the object's data?
And, related: if the requested remote object contains pointers to other remote objects, and the client calls a get() method to retrieve references to these other remote objects, are they copied to local memory, or does the client just get the reference?
I hope my questions are clear. Thank you very much in advance.
- Matt