[omniORB] Securing a Name Service

[W. Eliot Kimber]

We started thinking today about security issues surrounding the use of
CORBA naming services. A look at the naming service spec makes it clear
that there is no built-in security facility (if I was looking at the
latest version of the spec--I find the OMG site difficult to navigate
and I'm never sure if I've got the latest version of a spec).

This means, for example, that a running server can be overthrown by
another server that uses rebind() to take over the first server's name. 
While this could lead to some nasty denial of service attacks, I'm
actually more worried about inadvertant problems when people innocently
start a new server instance and use the defaults for name and name
service without realizing they are replacing an existing server.

Am I correct in my surmise that the solution to this problem would be to
implement our own naming service that provides some form of
authentication function? The OmniNames docs didn't suggest any feature
like this. Has anyone else addressed this problem of naming service
access control?

Are there other things that could be, say at the network level, to
control name service access? I can't think of any off hand, but then I'm
not network security expert either.

Thanks,

Eliot

-- 
. . . . . . . . . . . . . . . . . . . . . . . .

W. Eliot Kimber | Lead Brain

1016 La Posada Dr. | Suite 240 | Austin TX  78752
    T 512.656.4139 |  F 512.419.1860 | eliot@isogen.com

w w w . d a t a c h a n n e l . c o m