Firewall Wizards mailing list archives
Re: Re[2]: Firewalls/Internet Security - TNG
From: Rudolf Schreiner <ras () muc de>
Date: Fri, 12 Dec 1997 16:23:57 +0100 (MET)
On Thu, 11 Dec 1997, Joseph S. D. Yao wrote:
Sounds like objects and methods.
Sounds like CORBA.
And somebody will invent a way to infuse new methods into an object ... hey, presto! a virus in your data! Just what we've been trying to tell nethoax-frightened managers was not likely.
Viruses? It's worse! In the currently used form CORBA is very unsecure. The Security Service is not bad, it supports authentication, authorization, audit and more, even non-repudation. There are some problems left, but compared to the competitor (DCOM) CORBA's security concept is much superior. The real problem is that most (almost all) CORBA ORB vendors didn't implement this Security Service yet or are still in beta test. What you really can buy now is not much more than a quick'n dirty hack. We evaluated the "CORBA firewall" concepts of two leading vendors and are absolutly not happy. Simple tunneling of IIOP in HTTP and using a external packet filter for enforcement of the security policy is not acceptable. If you need CORBA security _now_ you have to do it yourself. But in most cases users of big CORBA applications simply ignore security at all. Rudi
Current thread:
- Re: Firewalls/Internet Security - TNG, (continued)
- Re: Firewalls/Internet Security - TNG Ted Doty (Dec 03)
- Re: Firewalls/Internet Security - TNG Larry J. Hughes Jr. (Dec 03)
- Re: Firewalls/Internet Security - TNG Frank Willoughby (Dec 03)
- Re: Firewalls/Internet Security - TNG Marcus J. Ranum (Dec 08)
- Re[2]: Firewalls/Internet Security - TNG Edward Cracknell (Dec 09)
- Re: Firewalls/Internet Security - TNG Fred Donck (Dec 11)
- RE: Firewalls/Internet Security - TNG Safier, Adam (GEIS) (Dec 03)
- RE: Firewalls/Internet Security - TNG Wright, Steven (Dec 09)
- Re[2]: Firewalls/Internet Security - TNG Rick_Giering_at_mpg003 (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Rudolf Schreiner (Dec 12)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)