let's all drop our pants, erh I mean firewalls!
fh
"A mailing list for Enterprise JavaBeans development" <[EMAIL PROTECTED]>
wrote:
>Date: Thu, 21 Oct 1999 16:35:16 +0100
>Hi
>
>IMHO Firewalls are the work of the devil. Completely false feeling of security,
>particularly with HTTP CONNECT.
>
>Joel Crisp (speaking for myself, not SUN).
>
>Steve Demuth wrote:
>>
>> Some vendors have this capability in their CORBA orbs. Visigenic's orb,
>> e.g. can (pretty much tranparently) wrap IIOP in HTTP or HTTPS to tunnel
>> through client firewalls.
>>
>> My concern about this approach, whether it's SOAP or HTTP tunneling of IIOP
>> is that it's a cobbled together solution for what should be a non-problem.
>> We need to do a lot of evangalism in the corporate security community to
>> convincingly demonstrate that properly configured, IIOP channels in their
>> firewalls (and around their proxy servers!) are no more (and probably
>> less), dangerous than the ubiquitous HTTP on port 80. The only reason
>> we're even tempted to migrate to doing RMI/RPC via HTTP is because it's the
>> lowest common denominator for security.
>>
>> As far as SOAP as a way to tie together CORBA, RMI and DCOM is concerned: I
>> doubt that's Microsofts goal. Even if it is, XML is a small part of the
>> solution. Any of us could write code to re-marshal and un-marshal IIOP or
>> DCOM into XML very easily. But these three protocols are not semantically
>> equivalent, and you can bridge them only with significant effort, or by
>> applying (again) a least common denominator approach that throws away as
>> much as it salvages.
>>
>> At 10:24 AM 10/21/99 +0200, you wrote:
>>
>> >Using DCOM for this is virtually impossible, but the same is more or less
>the
>> >case with RMI/IIOP because of firewall problems, although in a controlled
>> >extranet configuration one could configure the firewall to let through IIOP
>> >packets. SOAP is a way to package a DCOM call as an XML message and thus
>> >overcoming the firewall problem, while COM components running on an intranet
>> >would still use DCOM to communicate.
>> >
>> >A similar approach would IMHO be very useful also for the EJB/CORBA world.
>> >
>>
>> Steve Demuth
>>
>> Director of Technology Research
>> Artemis Alliance, Inc. An Inprise Premier Partner
>> 2750 Lannon Hill Road
>> Decorah, Iowa 52101
>> 651-227-7172 (Typically Mon-Tue) or 319-382-0593 (Wed-Fri)
>>
>> ===========================================================================
>> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>> of the message "signoff EJB-INTEREST". For general help, send email to
>> [EMAIL PROTECTED] and include in the body of the message "help".
>
>===========================================================================
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff EJB-INTEREST". For general help, send email to
>[EMAIL PROTECTED] and include in the body of the message "help".
--
The best thing about standards is that
there are so many to choose from.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
