Greetings.

I am not really familiar with internet applications, to be honest. I am working on a (desktop) application and now I have decided to make it online. I am not speaking about an applet or something working in a browser (a website etc.). All I want is for my main application GUI to communicate with a server and exchange files between the server and the client. More or less a server-client communication. I am familiar with sockets and the server-client model but not with internet security. So I would like your opinion on how I should proceed with file transfer between the two.

The logic of my server-client implementation:
When a user opens my application, he will have to either register or log in.

Registration Logic:
If he decides to make a new account, then he fills in some information which is sent to the server, and then the server will send him an email with a verification code in order to complete registration. Users' passwords are encrypted and stored on the server. This process is done with socket communication, which I believe is vulnerable to man-in-the-middle attacks.

Login Logic:
If he decides to start a new session (login), he sends his information through the socket to the server, which then takes the username and the raw (string) password and re-applies the encryption to check if it matches the stored one. If all the information is OK, then the server generates a random sessionID which it sends to the client. Every time the client wants to download or upload files to the server, he uses his unique sessionID in order to verify his credentials. The communications are over sockets and the files are sent with ObjectOutputStream.

I believe there are a lot of security issues, some of which are visible to me as well. I was thinking of setting up an SFTP server which will handle the files of each user, but still, I am not sure how I should send the public keys to each user and so on. I would like your opinion on this matter, and some advice about which library I should use (e.g. Apache Commons Net, JSch, etc.).

Sorry for the long text.