On Thu, 27 Mar 2003, James Richardson wrote: > Oh dear. Corba through a firewall isn't much fun. Iona do wonderwall, > which I have heard works....
We tried to use it in a banking environment, several years ago. Our experiences were not that great... In general CORBA thru a firewall can be very simple or extremly difficult, depending on the ORB, the application (e.g. callbacks) and the security policy to enforce. > If you want to do it yourself, then you could proxy the service yourself > using Java & RMI ( which you can get to work though a single port ). > Should be fairly straightforward, if you have the idls. Using DSI/DII > could be a pain though, if you dont have 'em I wrote a prototype of an IIOP proxy based on DSI/IR/DII. Works fine! For example it reliably proxifies object references in callbacks. The problem is security enforcement. You can't do real access control or protect servers from malicious requests at a Domain Boundary COntroller. There are also lots of issues to integrate a DBC and access control at the server. The main problem is the enormous flexibility of CORBA. Therefore securing a CORBA application needs much more than just a firewall. Cheers, Rudi ------------------------------------------------------------------------ Rudolf Schreiner, CTO, ObjectSecurity Ltd. St John's Innovation Centre, Cowley Rd., Cambridge CB4 0WS Tel. +44 1223 420252, Fax. +44 1223 420844 [EMAIL PROTECTED], www.objectsecurity.com ------------------------------------------------------------------------
