Re: Oaf default build...

From: Miguel de Icaza <miguel helixcode com>
To: Maciej Stachowiak <mjs eazel com>
Cc: Michael Meeks <mmeeks gnu org>, gnome-components-list gnome org
Subject: Re: Oaf default build...
Date: 29 May 2000 13:03:05 -0400

> Miguel also says that "security" is not implemented, but I am not sure
> what kind of security is called for exactly. OAF doesn't use the X
> server for activation or anything, strictly ORBit local sockets, so
> UNIX permissions should take care of security needs. Someone should
> clarify the issue.

"Security" as in "authenticating the client to have permission to
invoke methods in this object".

Ie, the problem is:

	1. Component is created, launched.
	2. Remote user finds out about the port component is listening to.
	3. Remote user invokes any method he wants on interface.

Note that this involves no OAF at all.  OAF is fully irrelevant.

The reason why Gnorba was relevant before is that Gnorba provided the
authentication setup (which uses a cookie stored in a profile), so any
client that tried to invoke a method on a component had to pass this
"password" (cookie) to the server, or the request would be dropped.

OAF should so something similar.

Now, the problem is that the current setup means that most ORBs that
do not allow you to tag arbitrary information into the profile wont be
able to talk to our services.  And if they do they need to use the
same cookie scheme, it becomes a pain to use, distributed machines are
even harder (because they might have different cookies, they dont
agree on it, etc, etc).

Anyways, what Elliot suggested was to encode the cookie in the object
reference so that it would include the cookie in there.  This would
enable us to just use object references: if you get the object
reference by any mean, you would have access to the object.

Object references look like this (I have no docs here, so this is just
what I pulled out of my butt):

	somehost.com:5434/RootPOA/MyObject:1.0

So we would change them to be:

	somehost.com:5434/RootPOA/asldkfaslyqewksdlifuyakhjfasdif/MyObject:1.0

Please notice that we are handling authentication: not a secure
transport, but this is the minimal we need for having a secure
desktop in which remote people cant invoke methods in our objects.

I hope this makes it clear.

Miguel.

Follow-Ups:
- Re: Oaf default build...
  - From: Elliot Lee
- Re: Oaf default build...
  - From: Maciej Stachowiak

References:
- Oaf default build...
  - From: Michael Meeks
- Re: Oaf default build...
  - From: Maciej Stachowiak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]