[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    MICOSec - secure ORB access
From:       Stefan Westerfeld <stefan () space ! twc ! de>
Date:       1999-10-25 17:51:47
[Download RAW message or body]

   Hi!

Since mico is used in KDE, people say that it can't possible be securely
over networks, since it lacks authentication. So open inet IIOP ports have
been the source of concerns all the time, so we've tried to avoid them.

I've tried to solve that problem by writing MICOSec, which works using
standard CORBA mechanisms. It uses the same authentication mechanisms
Gnome/ORBit uses, (that is: cookie passing via the Principal field in IIOP),
so the two methods are compatible.

The level of security should be about the same DCOP is currently offering
(well, perhaps DCOP actually offers less - I didn't read the code).

However, both, DCOP and MICOSec are currently vulnerable to TCP sniffing
attacks, as no encryption of the traffic is performed. MICO is in the
somewhat better position, since it implements the IIOP over SSL protocol,
so if you use that, you are secure.

You can get micosec at:

  http://space.twc.de/~stefan/kde/download/micosec.tar.gz

It requires no changing of mico code, or client code. Just adding one more
line of initialization.

   Cu... Stefan
-- 
  -* Stefan Westerfeld, stefan@space.twc.de (PGP!), Hamburg/Germany
     KDE Developer, project infos at http://space.twc.de/~stefan/kde *-

[prev in list] [next in list] [prev in thread] [next in thread]