security through obscurity in corba....


Joined: Jul 11, 2001
Posts: 1

I'm using Sun's ORB for a 3-tier app. I need to implement some type of session management so only authorized clients can connect. I know there's a security service spec for CORBA, and some vendors support it, but not in the ORB that comes in J2SE standard. So here was my idea:
Put a "Login" object in the naming service. This object is like a servant factory: any client can access it, and if the authentication info checks out, a new SessionServant is instantiated and connected to the ORB, but NOT exposed through the naming service. I convert the new session servant object reference to a string and pass it back to the client. So now only the client knows what this string is (assume a secure connection end to end). How easy is it to guess this string that you get from object_to_string? Can it be used like a "key" in a way? I know this is quirky, but I can't really think of an easier way to implement this using J2SE and its ORB and nothing else. My other idea was to pass a key back with every method invocation, but that's insane :P. Any thoughts? Thx
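
The "key with every method invocation" alternative from the post above, as an added example that is not the poster's code and not part of the J2SE ORB: the Login object issues a random token after authentication, and each session servant method validates it before doing any work. The class name, method names and 15-minute lifetime are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: not part of the J2SE ORB or of the poster's code.
public class SessionTokens {
    private static final long TTL_MILLIS = 15 * 60 * 1000L; // assumed session lifetime

    private static final class Entry {
        final byte[] secret; final String user; final long expiresAt;
        Entry(byte[] secret, String user, long expiresAt) {
            this.secret = secret; this.user = user; this.expiresAt = expiresAt;
        }
    }

    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();

    private String random(int bytes) {
        byte[] buf = new byte[bytes];
        rng.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Called by the Login servant once the credentials have checked out.
    public String issue(String user) {
        String id = random(8), secret = random(16); // 128-bit secret from a CSPRNG
        sessions.put(id, new Entry(secret.getBytes(StandardCharsets.US_ASCII), user,
                System.currentTimeMillis() + TTL_MILLIS));
        return id + "." + secret; // '.' is not in the URL-safe Base64 alphabet
    }

    // Called at the top of every session servant method; returns the user or null.
    public String validate(String token) {
        int dot = (token == null) ? -1 : token.indexOf('.');
        if (dot < 0) return null;
        String id = token.substring(0, dot);
        Entry e = sessions.get(id);
        if (e == null) return null;
        byte[] given = token.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison of the secret part, then the expiry check.
        if (!MessageDigest.isEqual(e.secret, given)) return null;
        if (System.currentTimeMillis() > e.expiresAt) { sessions.remove(id); return null; }
        return e.user;
    }
}
```

The token only stays secret under the post's own assumption of a secure connection end to end.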
Peter Tran

Joined: Jan 02, 2001
Posts: 783
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements.