I get it, so you say that I'd better not expose it to the internet directly, so how, for example, can I set up a secure connection? (I'm a student and have never worked in a company, so your explanations are really good for me.) Or must I just process the data and then use another tool to connect to the internet?
I tested a Java application with OpenJVM under Ubuntu and it didn't work well, so I prefer to use the Oracle one: it should run the same jar the same way on each platform. I didn't test the other brands.
OK, here's a very simple setup for how I test my Java server applications at home (on an RPi3 and on Windows 10):
- I run the Java VM and the Java applications in a chrooted, very light Raspbian Lite environment.
- Every machine that needs processing against Java code has a certificate for the Java chrooted environment.
- The chrooted environment refuses password connections and accepts only certificates from known local IPs.
- Responses will be processed verbatim and exposed through a webserver. (At that point the data is static... get it?)
- Data coming to the webserver from the outside is first validated ON the webserver (js validation, buffer cleaning, php validation, data validation, all standard).
- Once it is established that it is a valid request, it is given to the chrooted Java application as a (static) package, preferably as a request for a stored procedure in case of an underlying database.
- The internal IP for the chrooted java server is otherwise blocked.
At work, there are a few more steps, but the above is doable for students and very, very safe.
BTW: All three examples I gave for JVM5 servers are because of some malformed request, either SQL, TCP or a security key exchange.
You are right to prefer the Oracle one: better maintained and 2 to 5 times faster.
Note you only have to do this once per webserver. You can have as many applications as you like (unless you do a certificate per application/per user, which is what you do at the bank).
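The validation and hand-off steps from the list above, as an added example that is not the poster's own code: untrusted request fields are checked against an allowlist and turned into an immutable package naming a stored procedure, which is the only thing passed on to the chrooted Java application. The class name, procedure names and parameter patterns are hypothetical.

```java
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical gate between the web tier and the chrooted Java application.
public class RequestGate {
    // Assumed allowlist: stored procedure name -> parameter name -> accepted pattern.
    private static final Map<String, Map<String, Pattern>> PROCEDURES = Map.of(
        "get_order", Map.of("order_id", Pattern.compile("[0-9]{1,9}")),
        "find_client", Map.of("surname", Pattern.compile("[A-Za-z' -]{1,40}"),
                              "zip", Pattern.compile("[0-9]{5}")));

    // Returns an immutable (procedure, parameters) package, or throws if the
    // request names an unknown procedure or carries anything unexpected.
    static Map.Entry<String, Map<String, String>> toPackage(
            String procedure, Map<String, String> fields) {
        Map<String, Pattern> spec =
            procedure == null ? null : PROCEDURES.get(procedure);
        if (spec == null)
            throw new IllegalArgumentException("unknown procedure");
        // Exactly the declared parameters: no extras, none missing.
        if (!fields.keySet().equals(spec.keySet()))
            throw new IllegalArgumentException("missing or unexpected parameter");
        for (Map.Entry<String, Pattern> p : spec.entrySet()) {
            String value = fields.get(p.getKey());
            // matches() tests the whole value, so trailing text cannot slip through.
            if (value == null || !p.getValue().matcher(value).matches())
                throw new IllegalArgumentException("bad value for " + p.getKey());
        }
        // The receiving side would bind these values as stored procedure
        // parameters (for example with a CallableStatement), never by
        // concatenating them into SQL text.
        return Map.entry(procedure, Map.copyOf(fields));
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the thread.
        System.out.println(toPackage("get_order", Map.of("order_id", "1042")));
        try {
            toPackage("get_order", Map.of("order_id", "1042; extra text"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            toPackage("not_on_the_list", Map.of());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```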