CORBA 3.4 RTF Avatar
  1. OMG Issue

CORBA34 — Bi-Directional GIOP: Masquerade security issue needs to be more explicit

  • Key: CORBA34-327
  • Legacy Issue Number: 2634
  • Status: open  
  • Source: Anonymous
  • Summary:

    Summary: The remark about masquerade at the end of ptc/98-10-11 15.8 is not
    explicit enough. This is an important security issue and it needs to
    be made explicit that a malicious client may claim that its connection
    is Bi-Directional for use with any host and port it chooses, in particular
    it may specifiy the host and port of security sensitive objects.

    In general, a server that has accepted an incoming connection has no
    way to discover the identity or verify the integrity of the client
    that initiated the connection.

  • Reported: CORBA 2.3 — Wed, 5 May 1999 04:00 GMT
  • Updated: Tue, 27 Aug 2019 10:56 GMT