From kde-core-devel Mon Oct 25 17:51:47 1999 From: Stefan Westerfeld Date: Mon, 25 Oct 1999 17:51:47 +0000 To: kde-core-devel Subject: MICOSec - secure ORB access X-MARC-Message: https://marc.info/?l=kde-core-devel&m=94087420832338 Hi! Since mico is used in KDE, people say that it can't possible be securely over networks, since it lacks authentication. So open inet IIOP ports have been the source of concerns all the time, so we've tried to avoid them. I've tried to solve that problem by writing MICOSec, which works using standard CORBA mechanisms. It uses the same authentication mechanisms Gnome/ORBit uses, (that is: cookie passing via the Principal field in IIOP), so the two methods are compatible. The level of security should be about the same DCOP is currently offering (well, perhaps DCOP actually offers less - I didn't read the code). However, both, DCOP and MICOSec are currently vulnerable to TCP sniffing attacks, as no encryption of the traffic is performed. MICO is in the somewhat better position, since it implements the IIOP over SSL protocol, so if you use that, you are secure. You can get micosec at: http://space.twc.de/~stefan/kde/download/micosec.tar.gz It requires no changing of mico code, or client code. Just adding one more line of initialization. Cu... Stefan -- -* Stefan Westerfeld, stefan@space.twc.de (PGP!), Hamburg/Germany KDE Developer, project infos at http://space.twc.de/~stefan/kde *-