Archived

This forum has been archived. Please start a new discussion on GitHub.

Public (anonymous) subscribers to TopicManager without authentication: safe?

We have an application which internally communicates with Ice... and we would like to create a "public" IceStorm instance that publishes a datastream so that anyone on the internet can connect. The main application has to be inside a strong firewall but the IceStorm "repeater" should be completely accessible, but allow no control or even permit any communication from the outside to the inside of the firewall.

I think I understand what would need to be done to implement this, with an IceStorm process running on a computer outside the firewall that the server connects to and publishes topics to, but I don't know if it will be safe. Absolutely no outside-initiated packets can ever be allowed to pass to the inside of the firewall.

I can't find information in the documentation that addresses this - will setting up the publisher->IceStorm connection as "one-way" address this security issue?

Comments

  • benoit (Rennes, France)
    Hi,

    You could deploy an IceStorm instance on the computer outside the firewall and have your internal services publish to it. It just requires allowing outgoing connections from the internal network to the outside (which is in general allowed). It doesn't require opening a hole in the firewall since IceStorm on the public network doesn't need to establish connections to the publisher. So the firewall just needs to allow outgoing TCP/IP connections from the inside to the outside.

    However, note that you shouldn't let your clients directly connect to this IceStorm instance since you'll have a hard time protecting it from malicious clients which could, for example, destroy all your topics.

    Instead, you should use Glacier2 and implement a session service that acts as a facade for your clients. The session interface provided to your clients would have subscribe/unsubscribe methods. The implementation of these methods would call on the IceStorm topic to subscribe/unsubscribe the client subscriber to the IceStorm service running on the local machine. So to summarize, the public machine would run Glacier2 on a publicly accessible port, and it would run a session service and IceStorm on a network which isn't accessible to the outside.

    I recommend you to have a look at our chat demo here: ZeroC - Chat Demo - Introduction

    It doesn't use IceStorm, but it should give you a better idea of how Glacier2 and the session pattern work.

    Cheers,
    Benoit.
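
Editor's note: the deployment Benoit describes comes down to what binds to which interface. The configuration below is an added example and is not code from the thread or from ZeroC; it assumes a public machine with Internet address 203.0.113.10 and an internal-facing address 10.0.0.5 that only the firewalled network can reach, a custom session service registered on port 10001 whose session servants use the identity category "session", and IceStorm running as an IceBox service under Ice 3.7 (the IceBox.Service line is version-specific). The "WEAK" lines are the settings that would expose the TopicManager directly, left commented out next to the corrected ones.

```ini
# ---- glacier2.cfg: the only process that listens on the Internet ----
# Client-facing endpoint on the public interface; 4063 is Glacier2's default tcp port.
Glacier2.Client.Endpoints=tcp -h 203.0.113.10 -p 4063
# Server-facing endpoint (used by IceStorm to deliver callbacks to routed subscribers)
# stays on loopback so nothing outside can reach it.
Glacier2.Server.Endpoints=tcp -h 127.0.0.1 -p 4064
# Sessions are created by our own session service (assumed name/port), not by Glacier2 itself.
Glacier2.SessionManager=SessionManager:tcp -h 127.0.0.1 -p 10001
# Anonymous public access: accept any user/password. Built-in null verifier shipped with Glacier2.
Glacier2.PermissionsVerifier=Glacier2/NullPermissionsVerifier
# Without a filter, Glacier2 forwards requests to whatever proxy a client hands it,
# including IceStorm/TopicManager on 127.0.0.1. Restrict routing to the facade objects only.
# (Assumption: the session service registers its servants under the "session" category.)
Glacier2.Filter.Category.Accept=session

# ---- icestorm.cfg: IceStorm runs inside IceBox on the same public machine ----
IceBox.Service.IceStorm=IceStormService,37:createIceStorm
# WEAK: binds every interface, so any Internet client could call Topic::destroy.
# IceStorm.TopicManager.Endpoints=tcp -p 10000
# IceStorm.Publish.Endpoints=tcp -p 10002
# Corrected: loopback for the session service, plus the internal-facing address
# so the publisher behind the firewall can connect out to it. Nothing on 203.0.113.10.
IceStorm.TopicManager.Endpoints=tcp -h 127.0.0.1 -p 10000:tcp -h 10.0.0.5 -p 10000
IceStorm.Publish.Endpoints=tcp -h 127.0.0.1 -p 10002:tcp -h 10.0.0.5 -p 10002

# ---- sessionservice.cfg: the facade that exposes only subscribe/unsubscribe ----
# Property names here are this example's own, not Ice-defined ones.
SessionService.Endpoints=tcp -h 127.0.0.1 -p 10001
TopicManager.Proxy=IceStorm/TopicManager:tcp -h 127.0.0.1 -p 10000

# ---- publisher.cfg: the application inside the firewall ----
# Outbound connection only; the firewall never needs an inbound rule.
TopicManager.Proxy=IceStorm/TopicManager:tcp -h 10.0.0.5 -p 10000
```

Two checks worth running after deployment: from an outside host, `ss`/`netstat` on the public box should show only 4063 bound to 203.0.113.10; and a test client that creates a Glacier2 session and then tries to invoke on `IceStorm/TopicManager:tcp -h 127.0.0.1 -p 10000` through the router should be rejected by the category filter rather than reaching IceStorm.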