Legacy Issue Number: 2634
Summary: The remark about masquerade at the end of ptc/98-10-11 15.8 is not
explicit enough. This is an important security issue and it needs to
be made explicit that a malicious client may claim that its connection
is Bi-Directional for use with any host and port it chooses, in particular
it may specify the host and port of security sensitive objects.
In general, a server that has accepted an incoming connection has no
way to discover the identity or verify the integrity of the client
that initiated the connection.
Reported: CORBA 2.3 — Wed, 5 May 1999 04:00 GMT
Disposition: Deferred — CORBA 3.4
This proposal was generated automatically by request of the Task Force Chair Adam Mitz.
Updated: Wed, 1 Feb 2023 21:59 GMT
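
A server-side check for the masquerade described in the summary, added here as an example and not taken from the CORBA specification or any ORB: it decodes the `BiDirIIOPServiceContext` encapsulation (a CDR sequence of `ListenPoint {host, port}`) and accepts a claimed listen point only when the peer is authorized for it. The transport-authenticated `peer_identity` (for example a TLS client certificate subject), the `authorized` map, the function names and the sample hosts are all assumptions.

```python
import struct

def encode_listen_points(points, little_endian=False):
    """Build a sample BiDirIIOPServiceContext CDR encapsulation (demo input only)."""
    order, buf = ("<" if little_endian else ">"), bytearray([int(little_endian)])
    def put(fmt, size, value):
        buf.extend(b"\0" * (-len(buf) % size))      # pad to CDR alignment
        buf.extend(struct.pack(order + fmt, value))
    put("I", 4, len(points))                        # sequence length
    for host, port in points:
        raw = host.encode("ascii") + b"\0"
        put("I", 4, len(raw))
        buf.extend(raw)
        put("H", 2, port)
    return bytes(buf)

def parse_listen_points(encap):
    """Decode the encapsulation into [(host, port)]; ValueError if malformed."""
    if not encap:
        raise ValueError("empty encapsulation")
    order, pos = ("<" if encap[0] & 1 else ">"), 1  # octet 0 is the byte-order flag
    def read(fmt, size):
        nonlocal pos
        pos += -pos % size                          # alignment is relative to octet 0
        if pos + size > len(encap):
            raise ValueError("truncated encapsulation")
        (value,) = struct.unpack_from(order + fmt, encap, pos)
        pos += size
        return value
    points = []
    for _ in range(read("I", 4)):                   # a bogus count fails on the next read
        length = read("I", 4)                       # string length counts the trailing NUL
        if length == 0 or pos + length > len(encap) or encap[pos + length - 1] != 0:
            raise ValueError("malformed host string")
        host = encap[pos:pos + length - 1].decode("ascii").lower()
        pos += length
        points.append((host, read("H", 2)))
    return points

def vet_listen_points(peer_identity, encap, authorized):
    """Return (accepted, rejected) listen points claimed on one connection."""
    # Assumed policy: an unauthenticated peer (None) may claim nothing at all.
    allowed = authorized.get(peer_identity, set()) if peer_identity else set()
    accepted, rejected = [], []
    for point in parse_listen_points(encap):
        (accepted if point in allowed else rejected).append(point)
    return accepted, rejected

# Constructed policy and constructed claim: one legitimate point, one masquerade.
AUTHORIZED = {"CN=callback-client": {("client.example.net", 5001)}}
SAMPLE = encode_listen_points([("client.example.net", 5001), ("payroll.example.net", 2809)])
```

Only the accepted points should be registered for reuse of the incoming connection; a non-empty rejected list is worth logging with the peer address.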