Vulnerability Development mailing list archives

middleware corba vulnerabilities:do they exist?

From: william fitzgerald <williamf () cs may ie>
Date: Thu, 07 Aug 2003 14:25:42 +0000 (gmt)

Hi all, 

I am not sure what forum I should have posted this on so if you know let me
know for next time. 

I have been researching corba and corba security as a hobbie recently. Corba
security seems to be solid from the omg corba security services 1.8 manual (only
got through half of that spec so far). 

does corba have any security flaws that could be improved or are worth a research
investigation? 

there must be ways to upset corba security services either intentionaly or unintentionaly.
it seems to be heavily governed on policies. is the a vulnerability here? 

what about other middleware technologies such as ejb? are there security issues
here? 

or do security issues arise when using both ejb and corba together? 

any information relating to corba security is welcomed. the omg specification
wont highlight any existing security exploits for obvious reasons. 

I done a google seearch for "corba security vulnerabilites" but no security
problems were returned. 

Kind regards, 
Will.

Mr. William Fitzgerald (MSc,BSc)
Ericsson Systems Expertise Ltd.,
Radio House, Beech Hill,
Dublin 4.
ph: 087 95 27 083
http://www.may.ie

Current thread:

middleware corba vulnerabilities:do they exist? william fitzgerald (Aug 07)
- Re: middleware corba vulnerabilities:do they exist? Raymond C. Parks (Aug 08)
- <Possible follow-ups>
- Re: middleware corba vulnerabilities:do they exist? xenophi1e (Aug 08)