[omniORB] SSL and normal TCP transport
Duncan Grisby
duncan at grisby.org
Wed Feb 11 19:03:40 GMT 2004
On Monday 9 February, Corrigan Coleman wrote:
> does anyone know if it is possible to specify a restricted
> transport endpoint for just one particular servant ?.
>
> We have a high throughput server over TCP/IP, and want to secure and
> restrict access to an administrative interface, by limiting it to SSL or
> alternatively local connections, but do not want to affect the accessibility
> and performance of the other interface.
There's no way to do that in omniORB. You could modify the IOR of the
admin interface to only list the SSL endpoint details, but that
wouldn't stop a cunning client reconstructing the IOR with the other
endpoint details.
You could check that a client is using the right transport with an
interceptor that looked at the giopConnection in use, and turned the
client away if it wasn't SSL.
Cheers,
Duncan.
--
-- Duncan Grisby --
-- duncan at grisby.org --
-- http://www.grisby.org --
More information about the omniORB-list
mailing list