Re: Oaf default build...
- From: Elliot Lee <sopwith redhat com>
- To: Maciej Stachowiak <mjs eazel com>
- Cc: gnome-components-list gnome org
- Subject: Re: Oaf default build...
- Date: Mon, 29 May 2000 17:41:58 -0400 (EDT)
On 29 May 2000, Maciej Stachowiak wrote:
> Is this solution implemented now?
Yes. POAs and objects each have a random 8-byte key associated with them
that is included in the object key and must be matched to incoming
requests.
> And if so, does that resolve the security concerns?
It means that you can guarantee that having an IOR means having access to
the pointed-to object (and the negate), so by controlling access to IORs
we control object access.
If/when ORBit does bounds checking on IIOP, this will allow scaling beyond
the single-user model we have now, so your system printer object can
require the client to pass in a system authentication token in order to
instantiate a print-job object, allowing printing access controls to be
put in place on the print-job use without having to complicate the ORB. It
won't be as simple as this, but there's no point in trying to solve those
problems now. :)
-- Elliot
"Moron of the week" for four years running
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
