[omniORB] omniNames security

Duncan Grisby duncan at grisby.org
Thu Oct 11 12:38:08 BST 2007


On Wednesday 10 October, Andrea Venturoli wrote:

> I'm developing a server application using omniORB; on startup this
> server publish its address through omniNames and client will contact
> omniNames to see how they can reach the server. (All quite usual so
> far :-)
> 
> My problem is that I couldn't find any sort of access control in
> omniNames, so not only my server, but anyone could publish a (fake)
> address and redirect the clients elsewhere!

The CORBA naming service specification, and hence omniNames, is an
incredibly simple thing. It was never intended to be used in complex
situations, or situations where security is an issue.

Given that it's just a simple mapping from names to objects, it's very
easy to implement your own name mapping server that have whatever access
restrictions are appropriate for your application.

Or, as Jason Etheridge suggested, you could make a simple proxy server
to omniNames that implements the access control you want. You can easily
implement the standard CosNaming interfaces and just throw
CORBA::NO_PERMISSION from any methods that shouldn't be used.

Cheers,

Duncan.

-- 
 -- Duncan Grisby         --
  -- duncan at grisby.org     --
   -- http://www.grisby.org --



More information about the omniORB-list mailing list