[PolyORB-users] Access control, etc. in PolyORB and DSA

Thomas Quinot quinot at adacore.com
Fri Oct 22 15:39:02 CEST 2010

Previous message: [PolyORB-users] Access control, etc. in PolyORB and DSA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Phil Brooke, 2010-10-22 :

> I can see that PolyORB has support for some CORBA security services.  What 
> is the situation in terms of Ada's distributed systems annex?  (My 
> understanding of the DSA is that it simply doesn't specify these aspects.)

Right, the DSA specification says nothing about that.

> For example, suppose I take the mailbox example from the distribution. 
> Is it correct to assume that a real deployment needs to take care of 
> authentication and authorisation itself?

Yes. Maybe you could leverage some of the existing SSLIOP code to that
effect, but we are not aware of any specific attempts to set that up. In
any case, new APIs and notations would need to be defined to allow an
interaction between the application and the underlying security
framework.

> Is the PolyORB code resistant to deliberate attempts to send bad packets?
> (E.g., sending junk to a partition's ports.)

While we try hard to make PolyORB robust against incorrect input and
behave as correctly as possible in the presence of malformed packets,
there's really no guarantee that deliberate incorrect packets won't
cause unwanted behaviour (i.e. junk packets probably won't crash PolyORB
but might call application code with unexpected input).
 
Thomas.

-- 
Thomas Quinot, Ph.D. ** quinot at adacore.com ** Senior Software Engineer
               AdaCore -- Paris, France -- New York, USA

Previous message: [PolyORB-users] Access control, etc. in PolyORB and DSA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the PolyORB-users mailing list