Legacy Issue Number: 2634
Summary: The remark about masquerade at the end of ptc/98-10-11 15.8 is not
explicit enough. This is an important security issue and it needs to
be made explicit that a malicious client may claim that its connection
is Bi-Directional for use with any host and port it chooses, in particular
it may specifiy the host and port of security sensitive objects.
In general, a server that has accepted an incoming connection has no
way to discover the identity or verify the integrity of the client
that initiated the connection.
Reported: CORBA 2.3 — Wed, 5 May 1999 04:00 GMT
Updated: Tue, 27 Aug 2019 10:56 GMT