4.3.3 Do I have to "protect" every object, even those which are not thought to be used from outside?

 

Extended Question:

If I have several CORBA-Servers in one HOST. Some objects of the servers are thought to be accessed from remote Hosts, but other objects are thought to be accessed by other servers which are located in the same Host (the inter-process communication in the Host is made with CORBA). Is there a possibility to (in an authenticated manner) know, if a request to an object comes from "outside" or from the local Host ? If there is no possibility, have I to "protect" every object, even those which are not thought to be used from outside?

Jonathan Biggar

(July, 1998) : This sounds like a good place to have a firewall. The new CORBA firewall specification which might be approved shortly will allow a firewall to mediate CORBA invocation access and prevent access to "internal only" objects. This will allow you to have a simpler (or no access control scheme) for those objects.

Nick Battle

(July, 1998) : A target has access to a client's authenticated credential attributes, but these do not specify the location of the client. I don't think there is a CORBA standard way to achieve what you are asking, though at a lower level some security mechanisms may be able to give you trustworthy information about the location of the peers in an association.

If protection is to be achieved on the basis of location, and CORBA does nothing to help verify location, yes. CORBA Security protection works on the basis of a principal's credential attributes, not its location. This is sometimes a surprise to people who are used to thinking about security in terms of firewalls and other such location/topological constraints.