[omniORB] How to prevent service overrides of the Naming service?
Daniel Krügler
daniel.kruegler at gmail.com
Wed May 28 12:24:45 UTC 2025
Hi,
I'm aware that this is not really an OmniORB specific question, but I'm
hoping that someone may still answer to that question:
We are using to CORBA NamingService to register and access our services in
our client/server architecture. We recently found out that it seems
possible that a malicious client could simply replace our LoginService
(Which is responsible for the initial connection to the service) overriding
its registration in the Namingservice by a malicious LoginService
implementation and thus can intercept all calls to the LoginService::login
function to inspect every attempt of a user that wants to login.
Is it somehow possible to prevent overriding already registered services in
the NamingService or are there any other techniques to prevent this
situation?
Thanks,
- Daniel Krügler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.omniorb-support.com/pipermail/omniorb-list/attachments/20250528/49675f4d/attachment.htm>
More information about the omniORB-list
mailing list