river-dev mailing list archives

From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Towards Internet Jini Services (trust)
Date Tue, 12 Oct 2010 12:23:44 GMT

On 10/12/2010 02:12 PM, Michal Kleczek wrote:
> On Tuesday 12 of October 2010 14:00:14 Sim IJskes - QCG wrote:
>>
>> It doesn't happen with readUTF(). The first bytes read are the stream
>> header, (0xac, 0xed, 0, 5), and then the length, then the bytes
>> composing the string. No parsing of TC constants, and no optional code
>> paths that can lead to out-of-anything dos attacks. Send it with
>> writeUTF, read it with a custom function limiting the length of the
>> string and voila, we have at least made it 1 step more difficult to dos.
>>
>
> I understand your arguments but I am still not convinced - you somehow have to
> send a ProxyTrust instance (or any remote object reference) so that you can
> verify codebase using it.

No, you don't. You can delegate it to the IntegrityVerifier. This is the 
place where you should check the integrity. You will have enough 
information there (coded in the codebase parameter), to load the code, 
check endpoints (dns name, ip address, TLS) if wanted, check signatures, 
certificates, checksums.

Gr. Sim
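
Added example, not part of the original message or of the River code base: one way to do the length-limited read of a writeUTF() string discussed in the quoted text above. The class name, the 256-byte limit and the sample strings are assumptions made for the illustration.

```java
import java.io.*;
import java.util.Arrays;

public class BoundedUtfDemo {                       // hypothetical class name
    static final int MAX_UTF_BYTES = 256;           // assumed limit for this example

    // Reads one writeUTF()-encoded string, refusing it before any buffer is
    // allocated if the declared length exceeds maxBytes.
    static String readBoundedUTF(DataInput in, int maxBytes) throws IOException {
        int len = in.readUnsignedShort();           // 2-byte length prefix from writeUTF
        if (len > maxBytes)
            throw new IOException("declared UTF length " + len + " exceeds " + maxBytes);
        byte[] body = new byte[len];
        in.readFully(body);                         // EOFException if the peer sends less
        // Re-frame the bounded bytes so the JDK decodes the modified UTF-8.
        ByteArrayOutputStream framed = new ByteArrayOutputStream(len + 2);
        framed.write(len >>> 8);
        framed.write(len);
        framed.write(body, 0, len);
        return new DataInputStream(new ByteArrayInputStream(framed.toByteArray())).readUTF();
    }

    // Sender side: stream header followed by the string, as written by writeUTF().
    static byte[] send(String s) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeUTF(s);
        }
        return buf.toByteArray();
    }

    static String receive(byte[] wire) throws IOException {
        // The constructor consumes and validates the stream header (0xac, 0xed, 0, 5).
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return readBoundedUTF(in, MAX_UTF_BYTES);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values, not taken from the thread.
        System.out.println("accepted: " + receive(send("https://example.org/service-dl.jar")));
        char[] big = new char[1000];
        Arrays.fill(big, 'A');
        try {
            receive(send(new String(big)));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```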





