...
It is also important to use SSL for secure Remote Method Invocation (RMI) communications because RMI depends on object serialization and serialized data must be safeguarded in transit. Gong et al. [Gong 2003] describe how to secure RMI communications using SSLSockets.
Note that this rule makes no assumptions about the integrity of the data being sent down a socket. For information about securing data integrity, see SER02-J. Sign and seal sensitive objects before sending them outside a trust boundary.
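One way to run RMI over SSL sockets, as described above, is with the JDK's javax.rmi.ssl socket factories. This is an added example, not code from the original page or from Gong et al.; the Greeter interface, the class names and the port are hypothetical, and it assumes the key store and trust store are supplied through the standard javax.net.ssl.* system properties.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SecureRmiExample {
    // Hypothetical remote interface, used only for this illustration.
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) {
            return "Hello, " + name;
        }
    }

    // Strong reference so the exported object is not garbage collected.
    private static final Greeter IMPL = new GreeterImpl();
    private static final int PORT = 1099; // illustrative port

    // Server side: every serialized call and result travels over SSL.
    static Registry startServer() throws RemoteException {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = JSSE default cipher suites and protocols;
        // true = the server also requires a client certificate.
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
        Remote stub = UnicastRemoteObject.exportObject(IMPL, 0, csf, ssf);
        // The registry is exported with the same factories, so lookups
        // are protected in transit as well.
        Registry registry = LocateRegistry.createRegistry(PORT, csf, ssf);
        registry.rebind("Greeter", stub);
        return registry;
    }

    // Client side: the registry connection must use the SSL factory too;
    // the returned stub carries its own SslRMIClientSocketFactory.
    static String callServer(String host) throws Exception {
        Registry registry = LocateRegistry.getRegistry(host, PORT, new SslRMIClientSocketFactory());
        return ((Greeter) registry.lookup("Greeter")).greet("world");
    }

    public static void main(String[] args) throws Exception {
        startServer();
        System.out.println(callServer("localhost"));
    }
}
```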
Noncompliant Code Example
...
MSC00-EX0: Because of the mechanisms that SSLSockets provide to ensure the secure transfer of packets, significant performance overhead may result. Regular Sockets are sufficient if:
- The data being sent over the socket is not sensitive
- The network path of the socket never crosses a trust boundary. This could happen if, for example, the two endpoints of the socket are within a local network and the entire network is trusted.
Risk Assessment
Using plain sockets instead of SSLSockets means that the data's confidentiality and integrity are not guaranteed.
...