[omniORB] omniNames security

Jason Etheridge jason at etheridge.org
Thu Oct 11 06:20:14 BST 2007


On 10/10/2007, Andrea Venturoli <ml at netfence.it> wrote:
> My problem is that I couldn't find any sort of access control in
> omniNames, so not only my server, but anyone could publish a (fake)
> address and redirect the clients elsewhere!
>
> The ideal situation would be let omniNames allow read-access to the
> world, but write access to localhost only, or set a password/key, but
> I'm open to any other means which would let me achieve a secure setup.

Given what you're describing, one solution would be to implement a
very simple CORBA server (let's call it NameLookup) that implements a
subset of CosNaming, where that subset includes the read-only
operations like lookup(). The implementation of those operations would
call through to an omniNames server that runs separately.

You'd then publish the IOR of your NameLookup server to the world,
which people would use as a regular naming service to look up your own
services. Internally, your own services would be talking directly to
the omniNames server to bind their own names; the omniNames server
would have no visibility outside of your local network (i.e., no one
would ever know its IOR).

Using omniORBpy, doing this kind of read-only facade (or anything else
for that matter!) is incredibly easy. :-)

-- 
Jason Etheridge                                     mailto:jason at etheridge.org



More information about the omniORB-list mailing list