• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

A few questions:

 
Michael Chang
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Everybody
I have a few questions. Please help me out.
1. I know RMI can use http tunnelling to bypass firewall. Is there a way CORBA or EJB can bypass firewall through http tunneling? I guess not.
2. In CORBA, remote operation parameters can be passed by either value of reference. Correct?
3. In the default security environment, can untrusted code initiate any network connection? I guess yes because "listen" is permitted for any port 1024-.
4. In the default security environment, can untrusted code load another untrusted class? I think so.
Thank you very much.
Michael
 
Michael Chang
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can someone please clarify my doubts about the questions?
Thanks a lot.
Michael
 
Vivek Viswanathan
Ranch Hand
Posts: 350
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
Here is my view
1. I dont think IIOP (CORBA) can be tunneled through the firewall, though there exist some application level firewalls that can be confuigured to allow IIOP through them. As for EJB , it can either use the JRMP Protocol ( same as that used by RMI ) or RMI-IIOP, I am not sure if EJB using JRMP can be tunnled through the firewalls, since it is the same protocol as RMI it seems that it should allow it...but I am not that sure here, and RMI-IIOP has the same same reasoning as given for IIOP.
2. Correct me if I am wrong CORBA 2.3 and above allows pass by value.. I am not that sure of the version number.

3. If the untrusted code is an application and that application is executeed with out specifying any Security manager, then you have
a. Win95/98 : The applcaiton can listen initiate a n/w connection on any port.
b. Linux : Only if you have logged in as root you can initiate a connection on any port, if you have looged in as any other user you can initate a coonection on any port > 1024 ( I am not sure if the same thing applies for WinNT and Win2000 Server )
4. I guess you are right.
Vivek Viswanathan
Suddenly it is very quite in this forum ??? Where is every body ???
 
scott irwin
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) Tunneling can be nothing more than using the Command pattern to serialize a request and stuff into an HTTP request (open port 80) and stream in the result. A servlet can be used to deserialize the Command/XML and delegate the request (i.e., issue CORBA call). The result must be serialized and streamed out. You tunnel the request (as a String) not the protocol (IIOP, JRMP). RMI and URLConnection give you some "roll your own" features. But effectively, you are doing the same.
3) "Listen" is a permission that must be granted.
4) Code doesn't load code, unless you are talking about native libraries which requires permission. Untrusted code might require some class which isn't loaded and the appletloader would attempt to load that class, given the state of the permissions.
Scott
[This message has been edited by scott irwin (edited May 31, 2001).]
 
Michael Chang
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your replies. What I meant by "untrusted code loads untrusted code" is that untrusted code uses some other untrusted classes that need to be loaded by the classloader. So from your replies, I think the answer is yes. does anyone have a clear answer for the CORBA pass by value/reference question?
Thanks.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic