[omniORB] omniORB through a fire wall

Duncan Grisby duncan@grisby.org
Mon Apr 28 11:46:01 2003


On Thursday 24 April, Fred Cook wrote:

> It would be nice to be able to specify a set of open ports so one could
> set up a fire wall between a client and server.  We really need this.
> It sounds like IIOP doesn't like to be limited to specific ports.

I am not aware of firewalls that filter based on client side port
number. The vast majority of protocols specify server-side ports, but
clients use ephemeral port numbers allocated arbitrarily by the OS.

>  Is the security service the answer to this problem?

Not really. The security service is all about authentication,
authorisation and that kind of thing. Aside from that, you can use SSL
connections for privacy, but that doesn't help you negotiate
firewalls.

There is a CORBA firewall spec, but that requires cooperation from the
firewall itself. Just like e.g., non-passive mode FTP needs support in
the firewall.

>   If so, are there any plans for an omni Security service?

Not right now.

Cheers,

Duncan.

-- 
 -- Duncan Grisby         --
  -- duncan@grisby.org     --
   -- http://www.grisby.org --
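
The point about server-side versus client-side ports, shown as an added example that is not part of the original message and is not omniORB code: plain TCP sockets on loopback stand in for IIOP, and the function names and the rule model are hypothetical. The listener's port stands in for the server's published port (the OS picks it here only so the demo never collides with a port already in use).

```python
import socket
import threading

def observe_client_ports(n_clients=3):
    """Open n_clients loopback connections to one listener.
    Returns (server_port, [source port of each client as the server saw it])."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # stand-in for the server's known port
    srv.listen(n_clients)
    server_port = srv.getsockname()[1]
    seen = []

    def accept_all():
        for _ in range(n_clients):
            conn, peer = srv.accept()
            seen.append(peer[1])        # client's source port
            conn.close()

    t = threading.Thread(target=accept_all)
    t.start()
    clients = []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # No bind() on the client side: the OS allocates an ephemeral port.
        c.connect(("127.0.0.1", server_port))
        clients.append(c)               # keep open so the ports stay distinct
    t.join()
    for c in clients:
        c.close()
    srv.close()
    return server_port, seen

def rule_allows(field, rule_port, src_port, dst_port):
    """Toy filter rule: match one port number against the source ('src')
    or destination ('dst') port of a connection attempt."""
    return (src_port if field == "src" else dst_port) == rule_port

if __name__ == "__main__":
    server_port, ports = observe_client_ports()
    print("server port:", server_port, "client source ports:", ports)
    # A rule on the destination port admits every client ...
    print([rule_allows("dst", server_port, p, server_port) for p in ports])
    # ... a rule pinned to one client-side port admits at most one of them.
    print([rule_allows("src", ports[0], p, server_port) for p in ports])
```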