[omniORB] omniNames security
Andrew Edem
andrew at kaxis.us
Wed Oct 10 16:35:31 BST 2007
Hi Andrea,
Unfortunately CORBA is not designed to provide publicly available
services over Internet.
It is possible to use SSL with CORBA including client cetificates to
limit access to servants from other trusted servants. However, they key
here is 'trusted'. You never want to allow access to your CORBA bus from
any application which is not trusted.
Thus it is important when designing and deploying CORBA-based systems to
ensure that the transport is protected either physically (separate
network) or cryptographically (SSL/VPN/IPsec/firewall) so that only
'trusted' clients can connect.
Hope that helps,
Cheers,
-Andrew
Andrea Venturoli wrote:
> Hello.
> I've googled around for this, but found no exhaustive thread.
> Forgive me if I'm saying something stupid, since I'm quite new to CORBA.
>
> I'm developing a server application using omniORB; on startup this
> server publish its address through omniNames and client will contact
> omniNames to see how they can reach the server. (All quite usual so far :-)
>
> My problem is that I couldn't find any sort of access control in
> omniNames, so not only my server, but anyone could publish a (fake)
> address and redirect the clients elsewhere!
>
> The ideal situation would be let omniNames allow read-access to the
> world, but write access to localhost only, or set a password/key, but
> I'm open to any other means which would let me achieve a secure setup.
>
> Any hint/comment/insight?
>
> bye & Thanks
> av.
>
> _______________________________________________
> omniORB-list mailing list
> omniORB-list at omniorb-support.com
> http://www.omniorb-support.com/mailman/listinfo/omniorb-list
>
More information about the omniORB-list
mailing list