security through obscurity in corba....


Joined: Jul 11, 2001
Posts: 1

I'm using Sun's ORB for a 3-tier app. I need to implement some type of session management so only authorized clients can connect. I know there's a security service spec for CORBA, and some vendors support it, but not in the ORB that comes in J2SE standard. So here was my idea:
Put a "Login" object in the naming service. This object is like a servant factory: any client can access it, and if the authentication info checks out, a new SessionServant is instantiated and connected to the ORB, but NOT exposed through the naming service. I convert the new session servant object reference to a string and pass it back to the client. So now only the client knows what this string is (assume a secure connection end to end). How easy is it to guess this string that you get from object_to_string? Can it be used like a "key" in a way? I know this is quirky, but I can't really think of an easier way to implement this using J2SE and its ORB and nothing else. My other idea was to pass a key back with every method invocation, but that's insane :P. Any thoughts? thx
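Added example, not part of the original post: the CORBA specification treats the object key inside a stringified reference as opaque vendor data and does not require it to be unpredictable, so this Java class implements the poster's other idea, a separate random session token issued at login and checked on each call. `SessionTokens` and its methods are hypothetical names; calling it from the Login and SessionServant objects is assumed, not shown.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not part of any ORB API): the Login servant would call
// issue() after authenticating, and each SessionServant method would call
// userFor() on the token the client presents.
public class SessionTokens {
    private static final class Session {
        final String user;
        volatile long lastUsedMillis;
        Session(String user, long now) { this.user = user; this.lastUsedMillis = now; }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final long idleTimeoutMillis;

    public SessionTokens(long idleTimeoutMillis) { this.idleTimeoutMillis = idleTimeoutMillis; }

    // 128 bits from a CSPRNG, so the token's secrecy does not depend on how
    // the ORB happens to build its object keys.
    public String issue(String user) {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, System.currentTimeMillis()));
        return token;
    }

    // Returns the authenticated user, or null if the token is unknown or idle too long.
    public String userFor(String token) {
        Session s = (token == null) ? null : sessions.get(token);
        if (s == null) return null;
        long now = System.currentTimeMillis();
        if (now - s.lastUsedMillis > idleTimeoutMillis) {
            sessions.remove(token);   // expire idle sessions on first use after the timeout
            return null;
        }
        s.lastUsedMillis = now;
        return s.user;
    }

    public void logout(String token) { if (token != null) sessions.remove(token); }
}
```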
Peter Tran

Joined: Jan 02, 2001
Posts: 783
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements.