
Suggestions for the security of Ice

I have found that Ice is much better than CORBA, especially for security, but I think it can be improved further.

First suggestion:

Currently Ice implements security in the firewall, but I think it can be implemented inside Ice. Currently, in an internal network, anybody who knows the IP address and port on which Ice is listening can connect to it. I think that whoever wants to connect to Ice services must supply a username and password; if not, then Ice doesn't let them connect. Ice can also implement Java J2EE security.

Second suggestion:

IceStorm is very simple and has no security; anybody who knows the IP address and port can connect to it. I think IceStorm may implement security too.
And IceStorm can implement the Java™ Message Service (JMS) 1.1 requirements.

Comments

  • marc (Florida)
    Regarding your first suggestion, Glacier can do exactly that. It acts as a firewall, session manager, and can also use any password authentication mechanism of your choice by implementing the PermissionsVerifier interface.

    Regarding the second suggestion, you can use SSL with client-side authentication. Then only clients holding the proper certificate can connect.
  • Thanks for your answer.
    Regarding your second answer, Java can't use SSL. How can I implement it in Java?
  • marc (Florida)
    Sorry, there is currently no SSL for Ice for Java. You could, however, have all clients route through Glacier, and use IceStorm on the back-end.
  • Is Glacier secure enough?

    The frontend which runs Glacier must open all ports;
    that is very dangerous!
  • marc (Florida)
    You don't need to open all ports, only the ones >= 1024. I don't see why this is dangerous, if you don't run any programs that listen on these ports (other than Glacier).
  • OK

    That's OK, ports >= 1024.

    The Glacier method is defective in practice, because the client network environment is protected for security reasons, and in such circumstances maybe only several ports are accessible.
  • marc (Florida)
    I disagree. We use Glacier all the time in practice, and I can't see anything defective.

    For the client side, you don't need to open any incoming ports, only outgoing ports. This is the default for all firewalls I know of (dlink, linksys, ...), meaning that for the client side firewalls, you usually don't need to configure anything.
  • 1 port

    In many offices they close most ports, except some special ports such as 80. These clients will not connect to the server. So fewer ports will make it simpler to handle such a scenario.
    We can select a very popular port, such as 80, so most clients can connect, and the Glacier starter will pass the connection to the router. That will decrease the dependency on network environments.