[omniORB] authorization and omniNames
angainor@evo.evopolska.com
angainor@evo.evopolska.com
Wed Apr 16 15:40:02 2003
hi all,
I'm somewhat new to the subject, so I might be all
wrong. Still, I could not find any information
that could possibly solve my problem.
It stroke me that there is no authorization
required to perform operations on NameService.
In particular, no authorization is needed during
rebinding an object. If that is so, this is
quite a security problem :)
I've been working on some changes to omniORB
that would allow extraction of CommonName
from X509 certificate fetched by underlying
SSL layer. This obviously solves the problem of
authorization during remote method invocation.
I wonder if I need to apply similar changes
(CN verification) to omniNames at the beginning
of every method, or is there some, already
present method of performing verification?
cheers
Marcin