#2 Many distributed application servers incorporate some sort of user authentication to prevent
use by unauthorized individuals over the Internet. Commonly, a separate authentication server
is used to determine whether or not access should be granted. (That is, the server providing the
main functionality acts as a client of the authentication server to determine whether a set of
user provided credentials [e.g. userid and password] are valid or not and thus, whether or not
the client should be allowed to access the service being provided). This is a common usage
pattern independent of whether the underlying distributed application is implemented over
sockets, RPC/RMI or the web, among others. Think about what interactions must take place
(over the network) between the client, the server and the authentication server. Bearing in mind
that a plaintext (text-based) protocol can be read by anyone on the network path, briefly discuss
which data in which interactions should be encrypted and why. After authentication, if the client
and server use connection-oriented communication (i.e. streams), preventing unauthorized access
is simpler than if they use connectionless communication (or simple request-response protocols
where the connection is dropped after a single exchange). Explain why this is so and suggest how
authorized access can still be ensured.

#3 This question considers the implementation of a simple redirect system (similar in spirit to the
RHS of slide 42 in the Client-Server notes given in class) but does not require an actual
implementation. Clients in such a system will only know the name/location of the redirect host
and will be unaware of the replicated servers hidden behind it in the server farm. To the clients,
the redirect host should, ideally, appear to be a single server providing the service. While simple
in principle, there are a number of technical issues involved in making such a system work.
Assuming you were asked to implement such a redirect host using Java, how could you (i)
determine whether or not a given server behind the redirect host is currently up, and (ii) tell
which of the servers that are up is the most lightly loaded? (This will require you to do a little
research on the Java classes to discover what facilities are provided.) Once a lightly-loaded,
currently running server has been chosen, each request from the client must actually be
transparently redirected to that server. Do a little web research, then provide a definition of a
"reverse proxy" server. Explain, in a general way, how such a server might also improve the
performance of web access. How might it improve the security of web access?