Hello,

I have a question about how to implement an authentication mechanism in CORBA applications, and in MICO in particular.

In detail: I have an object which provides some functionality, and I have GUI clients (Win32) which can connect even from the Internet. Clients enter a username/password in a dialog and should authenticate and then be able to invoke those functions before disconnecting (technical, with a timeout, or functional, by calling a function; it doesn't matter). Also, the client should be able to change user without disconnecting (by calling some other function).

I will describe the methods I tried to use and which don't fit:

1) CSIv2. Not good because the application is unaware of it (I need to know at least the username). Also, parameters should be fed into the ORB in the initialization phase, which means that to change user I have to stop the application.

2) CSL2. I was unable to compile CSL2 under Win32 (VC7.1). There is no "USE_CSL2" option in Makevars; I had to put it there manually. After correcting errors (I mean what MS's cl.exe told me) in securitylevel2_impl.cc, and putting "using namespace std" in flexlexer.h (for Windows), I'm getting LNK2016:

    mico2311.lib: error LNK2016: Absolute symbol '@comp.id' used as target of DIR32NB relocation
    LINK : fatal error LNK1165: link failed because of fixup errors

This happens because of a bug in the MS linker described in:
http://support.microsoft.com/default.aspx?scid=kb;en-us;831995
Solutions advised in this mailing list (like "try to compile without CCM") didn't help.

3) I also tried it like this: create a persistent object with one method, "Login", which will give the client a reference to the newly created interface, with secured functions. This is not good enough because MICO's bind function, used even from another computer, will nicely run functions from this new interface without any authorization.

---------------------------------------------
For example:

    interface SecuredInterface {
        void ListCreditCards();
    };

    interface Public {
        SecuredInterface Login(in string username, in string password);
    };

Normal client will do, for example:

    // because the application is also for the Internet, I have to use a strict port number
    CORBA::Object_var obj = orb->bind("IDL:Public:1.0", "inet:IP:port");
    ...
    SecuredInterface_var sec = publicif->Login("a", "b");

But then this will work from another computer without authorization:

    CORBA::Object_var obj = orb->bind("IDL:SecuredInterface:1.0", "inet:IP:port");
    // only the first created interface will be visible, but still it is not good at all
---------------------------------------------

So my question is: Are there any other patterns to implement security in a CORBA application (or to compile CSL2 in MICO)?

Thanks for answers,
Arnold Mingin
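
Added example, not part of the original post and not MICO code: a plain C++ model of the Login pattern from approach 3 in which Login returns a session token and every secured operation checks it, so a caller that reaches SecuredInterface directly (as with the second bind above) is refused. Public, SecuredInterface, Login and ListCreditCards are the post's names; the token parameter, open/close and the demo accounts are assumptions made for this sketch.

```cpp
// Model only: no ORB involved. A direct call on SecuredInterface stands in
// for a client that bound to "IDL:SecuredInterface:1.0" without Login.
#include <map>
#include <random>
#include <stdexcept>
#include <string>

class SecuredInterface {
    std::map<std::string, std::string> sessions_;  // token -> username
public:
    // Hypothetical helper used by Public::Login to start a session.
    std::string open(const std::string& user) {
        // Assumes std::random_device is backed by the OS random source.
        std::random_device rd;
        static const char hex[] = "0123456789abcdef";
        std::string tok;
        for (int i = 0; i < 4; ++i) {              // 4 x 32 bits = 128-bit token
            unsigned v = rd();
            for (int j = 0; j < 8; ++j, v >>= 4) tok += hex[v & 0xF];
        }
        sessions_[tok] = user;
        return tok;
    }
    // Hypothetical logout: the token stops working immediately.
    void close(const std::string& tok) { sessions_.erase(tok); }

    // Every operation validates the token, so holding an object reference
    // alone authorizes nothing, and the servant knows the caller's username.
    std::string ListCreditCards(const std::string& tok) const {
        auto it = sessions_.find(tok);
        if (it == sessions_.end()) throw std::runtime_error("NO_PERMISSION");
        return "cards of " + it->second;
    }
};

class Public {
    SecuredInterface& sec_;
    std::map<std::string, std::string> users_;     // constructed demo accounts
public:
    explicit Public(SecuredInterface& s)
        : sec_(s), users_{{"a", "b"}, {"c", "d"}} {}
    // Calling Login again with other credentials switches user without
    // reconnecting; a real server would compare password hashes instead.
    std::string Login(const std::string& u, const std::string& p) {
        auto it = users_.find(u);
        if (it == users_.end() || it->second != p)
            throw std::runtime_error("NO_PERMISSION");
        return sec_.open(u);
    }
};
```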
