On Mon, 11 May 1998, Bennett Todd wrote:

> The over-the-wire protocol our developers were proposing to use was
> related to CORBA (I don't know for sure if CORBA actually specifies the
> network protocol, or if it's just another API spec).

CORBA's normal over-the-wire protocol is IIOP. IIOP is specified by the OMG
to ensure interoperability between ORBs.

> The database backend
> was ODBC<==>CORBA. I stated that (a) database implementations are huge,
> complex, and never designed with security as a goal; (b) there were no
> security provisions available in any implementation we could find of the
> proposed protocol;

Until recently security was not CORBA's strong side. You had to implement it
by yourself. Now many vendors support IIOP over SSL and some even the new
security service.

> and (c) we could find no proxy that gave fine-grained
> control of the requests it would be willing to forward.

Some "CORBA proxies" are really weak about security, e.g. they tunnel IIOP in
HTTP without any access control or you have to use a filtering router to limit
access. The problem is that now there is no CORBA firewall standard, just some
proposals. IMHO the best is the submission based on IONA's Wonderwall. The
Wonderwall is a full IIOP proxy and supports filtering based on request header
information. Filtering based on the request body is impossible because the
proxy doesn't know the interface definition.

Another possibility is writing your own customized proxy. It's flexible and
not very difficult, but an ORB is a big piece of complex OO software. Running
such a huge proxy on a firewall without additional protection doesn't give me
a good feeling.

> Based on these
> limitations we ended up replicating the data out onto a sacrificial
> machine in the DMZ, sanitizing it as best we could, and protecting that
> machine the best we could with the screening router.

Now some companies use CORBA in security sensitive areas and over firewalls.

Rudi
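The request-header filtering mentioned in the message above, as an added example that is not part of the original post and is not Wonderwall's code: a GIOP 1.0 Request header has a fixed layout, so a proxy can read the object key and operation name without the interface definition and check them against an allowlist. The policy entry (`QuoteService`, `get_quote`) and the sample message are constructed; other GIOP versions and message types are rejected rather than parsed.

```python
import struct
# Hypothetical policy: (object_key, operation) pairs the proxy will forward.
ALLOWED = {(b"QuoteService", "get_quote")}

class CDR:
    """Minimal CDR reader; offsets are counted from the start of the GIOP message."""
    def __init__(self, buf, pos, little):
        self.buf, self.pos, self.fmt = buf, pos, "<I" if little else ">I"
    def ulong(self):
        self.pos = (self.pos + 3) & ~3        # unsigned long is 4-byte aligned
        if self.pos + 4 > len(self.buf):
            raise ValueError("truncated")
        (value,) = struct.unpack_from(self.fmt, self.buf, self.pos)
        self.pos += 4
        return value
    def octets(self):                         # sequence<octet>: length, then bytes
        n = self.ulong()
        if self.pos + n > len(self.buf):
            raise ValueError("length exceeds message")
        self.pos += n
        return self.buf[self.pos - n:self.pos]

def parse_request_header(msg):
    """Return (object_key, operation) of a GIOP 1.0 Request or raise ValueError."""
    if len(msg) < 12 or msg[:4] != b"GIOP" or msg[4:6] != b"\x01\x00" or msg[7] != 0:
        raise ValueError("not a GIOP 1.0 Request")
    r = CDR(msg, 8, msg[6] == 1)              # byte 6: 1 means little-endian
    if r.ulong() != len(msg) - 12:            # message_size excludes the 12-byte header
        raise ValueError("bad message_size")
    for _ in range(r.ulong()):                # service_context entries
        r.ulong(), r.octets()                 # context_id, context_data
    r.ulong()                                 # request_id
    r.pos += 1                                # response_expected (boolean)
    key, op = r.octets(), r.octets()          # object_key, operation (NUL-terminated)
    if not op.endswith(b"\x00"):
        raise ValueError("bad operation string")
    return key, op[:-1].decode("ascii")

def may_forward(msg):
    """Fail closed: drop anything unparsable or not on the allowlist."""
    try:
        return parse_request_header(msg) in ALLOWED
    except ValueError:
        return False

# Constructed sample: big-endian GIOP 1.0 Request for QuoteService.get_quote.
SAMPLE = (b"GIOP\x01\x00\x00\x00" + struct.pack(">I", 48) + struct.pack(">II", 0, 1)
          + b"\x01\x00\x00\x00" + struct.pack(">I", 12) + b"QuoteService"
          + struct.pack(">I", 10) + b"get_quote\x00" + b"\x00\x00" + struct.pack(">I", 0))
```

The operation's arguments follow the header in the message body, and their encoding depends on the IDL signature, which this filter never needs.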