session factory yet again

I have a very simple question after reading a lot about Ice.

If I add a proxy to the adapter with a UUID as its identity, and send it to the client over a secured connection, can I be sure that such a proxy can be used only by this very client (because no one else would know the UUID, which is supposed to be unique)?
And because of that, can any authorization/authentication be done only while creating such a proxy?

Tomek

Comments

  • matthew
    matthew NL, Canada
    In short, no. The proxy could always be "leaked" to other clients, and so this is not safe. The best thing to do is to use Glacier2 sessions. In contrast to the approach you have outlined, Glacier2 associates the session UUID to the life cycle of the connection from the client. Once the connection is gone, the session is already gone, and the session cannot be used from anything other than the originating client.
  • xdm
    xdm La Coruña, Spain
    Hi Tomasz

    There is no implicit authentication when you contact a servant through an SSL proxy. If another client is able to guess the UUID, your approach does not guarantee that only the first client can contact it. While it could be difficult for a program to guess what UUID you are using, it could be doable, especially if the client is infected with some kind of virus, malware, etc.

    A better approach to the problem you are describing is to use the Glacier2 Filtering feature; you can read about this in Manual 39.5.2 Glacier2 Filtering.

    Cheers,
    José
  • Thank you for your answers:)

    Do I think correctly that in such a case, the UUID can be obtained only in case of poor security of the client's host?

    I am considering writing a real-time game set in space. I was looking into ways of creating sessions on my own for two reasons:
    a) Real-time action events should probably be handled using UDP. I hope that Ice is lightweight enough to be used for this purpose, so I could gain the ability to write the interface using Slice. Glacier2 does not provide support for UDP. Unfortunately, I keep in mind that the UDP protocol would show the identity of proxies (used for events) to anyone listening, but I don't see a good solution for this.
    b) I was thinking of providing the end user with the game server that can be run by him/her; I am not expecting the knowledge to set up and start Glacier2. (Maybe I should do this programmatically?)
  • xdm
    xdm La Coruña, Spain
    Do I think correctly that in such a case, the UUID can be obtained only in case of poor security of the client's host?

    I also don't see any other alternative.

    a) Real-time action events should probably be handled using UDP. I hope that Ice is lightweight enough to be used for this purpose, so I could gain the ability to write the interface using Slice. Glacier2 does not provide support for UDP. Unfortunately, I keep in mind that the UDP protocol would show the identity of proxies (used for events) to anyone listening, but I don't see a good solution for this.

    At this point there is no UDP support, but you could use oneway calls and get great performance. The major advantages of Glacier2 are authentication, session support, additional protection for the server back end, and the ability for clients to have callbacks without the need to open ports in the client firewalls.

    b) I was thinking of providing the end user with the game server that can be run by him/her; I am not expecting the knowledge to set up and start Glacier2. (Maybe I should do this programmatically?)

    You could create your game as a service and install Glacier2 as another service; then you could configure your game service to depend on the Glacier2 service.

    Cheers,
    José
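
A minimal model of the difference discussed in this thread, added here as an illustration and not written by any of the posters: `BearerAdapter` serves whoever presents the UUID identity, while `BoundRouter` ties each session UUID to the connection that created it and drops it when that connection closes. All class names, method names and connection ids are hypothetical and constructed for the example; this is not the Ice or Glacier2 API.

```python
import uuid

class BearerAdapter:
    """Models an object adapter that dispatches on identity alone."""
    def __init__(self):
        self._servants = {}

    def add_with_uuid(self, servant):
        identity = str(uuid.uuid4())
        self._servants[identity] = servant
        return identity  # stands in for the proxy handed to the client

    def invoke(self, conn_id, identity):
        # conn_id is ignored: whoever presents the identity is served.
        servant = self._servants.get(identity)
        return servant() if servant else "ObjectNotExist"

class BoundRouter:
    """Models a router that binds each session to its creating connection."""
    def __init__(self):
        self._sessions = {}  # identity -> (owner connection id, servant)

    def create_session(self, conn_id, servant):
        identity = str(uuid.uuid4())
        self._sessions[identity] = (conn_id, servant)
        return identity

    def invoke(self, conn_id, identity):
        entry = self._sessions.get(identity)
        if entry is None or entry[0] != conn_id:
            return "ObjectNotExist"  # same answer for unknown and foreign ids
        return entry[1]()

    def connection_closed(self, conn_id):
        # Session lifetime follows the connection: drop everything it owned.
        self._sessions = {i: e for i, e in self._sessions.items()
                          if e[0] != conn_id}

def demo():
    servant = lambda: "game state"
    bearer, router = BearerAdapter(), BoundRouter()
    leaked = bearer.add_with_uuid(servant)   # issued to connection "A"
    sid = router.create_session("A", servant)
    results = {
        "bearer_other_conn": bearer.invoke("B", leaked),
        "bound_owner": router.invoke("A", sid),
        "bound_other_conn": router.invoke("B", sid),
    }
    router.connection_closed("A")
    results["bound_after_close"] = router.invoke("A", sid)
    return results
```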