Re: Client and server run by different users



> > But for some reason I cannot get the clients access the server if they are
> > run by any other user than the server. Does anyone know how to fix this?
> 
> This is probably occurring because you don't have TCP/IP networking
> enabled (blame gnome-list for this :), and the UNIX domain socket is only
> accessable by the user that the server is running as.

I have enabled TCP/IP networking in /etc/orbitrc, and that doesn't
help. But maybe UNIX domain sockets is attempted first if the server and
client is on the same host? Should it help disabling UNIX domain sockets?

Is it possible to do such configurations on a per-application basis? It
seems to me somewhat rash to enable TCP/IP networking for all
programs using ORBit, just because this single application needs it.

However, I do not get any indication that anything fails when calling
CORBA_ORB_string_to_object(). I get an exception first when I try to call
methods on the remote object. When CORBA_ORB_string_to_object() is
called I check wether the object reference is NULL and wether
(ev._major != CORBA_NO_EXCEPTION), and all seems fine. Is there any
other mechanizm to check for errors that I do not know about?

> Note, however, that ORBit-stable was not designed to handle valid access
> from untrusted clients, and thus you will be opening some security holes
> by enabling TCP/IP, especially without using any cookie protection.

Does this mean that I would be better off using another ORB for this
specific application? I had hoped that I could use ORBit, since this is a
very widespread ORB, at least in GNOME installations.

---
Rune Saetre








[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]