[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Common server activation
From:       Steffen Hansen <stefh () mip ! sdu ! dk>
Date:       1999-06-26 9:43:18
[Download RAW message or body]

On Sat, 26 Jun 1999, Simon Hausmann wrote:

> > I think it would be awfully nice to have a solution that doesn't depend on
> > X. My understanding is that we use X for authentication, though.
> 
> Yes, that's why I understood from the libgnorba sources, too. But IMHO
> there's nothing wrong with your approach in general. While developing the
> kde daemon we thought about a similar approach, but we couldn't find a
> proper solution for cookies (Steffen - can you comment on this, please :).

There are (at least) two problems with this. ORBit uses a proprietary
interface for this. We could do something similar with CORBA's
Interceptors, but then the cookie would be checked on every invokation,
which will lead to a performance penalty. 

The other problem is that a cookie based scheme is a bit naive. It is too
easy to give away your cookie to an untrusted CORBA server by accident. I
dont really have a solution for this. Maybe we could use a scheme where
the server can propose a challenge to the client, a challenge that can be
answered without revealing the cookie. It requires two-way communication
through.

greetings,
-- 
Steffen Hansen                            
email: stefh@mip.sdu.dk, stefh@imada.sdu.dk, hansen@kde.org 
URL:   http://www.mip.sdu.dk/~stefh       

[prev in list] [next in list] [prev in thread] [next in thread]