Re: Re[2]: Firewalls/Internet Security - TNG

[Rudolf Schreiner <ras () muc de>]

On Thu, 11 Dec 1997, Joseph S. D. Yao wrote:

> Sounds like objects and methods.

Sounds like CORBA.
 
> And somebody will invent a way to infuse new methods into an object ...
> hey, presto!  a virus in your data!  Just what we've been trying to
> tell nethoax-frightened managers was not likely.

Viruses? It's worse!
In the currently used form CORBA is  very unsecure. The Security 
Service is not bad, it supports authentication, authorization, audit and 
more, even non-repudation. There are some problems left, but  compared to 
the competitor (DCOM) CORBA's security concept is much superior. 
The real problem is that most (almost all) CORBA ORB vendors didn't 
implement this Security Service yet or are still in beta test. What you 
really can buy now is not much more than a quick'n dirty hack. We 
evaluated the "CORBA firewall" concepts of two leading vendors and are 
absolutly not happy. Simple tunneling of IIOP in HTTP and using a 
external packet filter for enforcement of the security policy is not 
acceptable. 
If you need CORBA security _now_ you have to do it yourself. But in most 
cases users of big CORBA applications simply ignore security at all. 

Rudi