security through obscurity in corba....

jerere
Greenhorn

Joined: Jul 11, 2001
Posts: 1

hello,
I'm using Sun's ORB for a 3-tier app. I need to implement some type of session management so only authorized clients can connect. I know there's a security service spec for CORBA, and some vendors support it, but not in the ORB that comes in standard J2SE. So here was my idea:
Put a "Login" object in the naming service. This object is like a servant factory: any client can access it, and if the authentication info checks out, a new SessionServant is instantiated and connected to the ORB, but NOT exposed through the naming service. I convert the new session servant object reference to a string and pass it back to the client. So now only the client knows what this string is (assume a secure connection end to end). How easy is it to guess this string that you get from object_to_string? Can it be used like a "key" in a way? I know this is quirky, but I can't really think of an easier way to implement this using J2SE and its ORB and nothing else. My other idea was to pass a key back with every method invocation, but that's insane :P. Any thoughts? thx
jr
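
The second idea in the post above, a key passed with every method invocation, as an added example that is not code from the thread: the Login object mints a random token after authentication and every session method checks it first, so access does not depend on how the ORB builds the string returned by object_to_string. The names `SessionRegistry`, `open`, `require` and `close`, the 15-minute lifetime and the sample user are assumptions for illustration; records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper shared by the Login servant and the session servants.
public class SessionRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long TTL_SECONDS = 900; // assumed session lifetime
    private record Session(String user, Instant expires) {}
    // Keyed by SHA-256 of the token: the map never holds a usable token,
    // and lookup does not compare secret strings byte by byte.
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    // Called by the Login servant once the credentials have been verified.
    public String open(String user) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not a counter or timestamp
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(digest(token), new Session(user, Instant.now().plusSeconds(TTL_SECONDS)));
        return token;
    }
    // Called at the top of every session method; returns the user or throws.
    public String require(String token) {
        Session s = (token == null) ? null : sessions.get(digest(token));
        if (s == null || Instant.now().isAfter(s.expires())) {
            if (s != null) close(token); // drop the expired entry
            throw new SecurityException("invalid or expired session");
        }
        return s.user();
    }
    public void close(String token) { sessions.remove(digest(token)); }
    private static String digest(String token) {
        try {
            byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(h);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JRE
        }
    }
    public static void main(String[] args) {
        SessionRegistry reg = new SessionRegistry();
        String token = reg.open("alice"); // constructed sample user
        System.out.println(reg.require(token)); // the user bound to the token
        reg.close(token); // logout: the same token is rejected from here on
    }
}
```

As the post notes for its own scheme, the token is only as private as the connection it travels over.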
Peter Tran
Bartender

Joined: Jan 02, 2001
Posts: 783
"jerere"
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements.
Regards,
-Peter