river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hobbs <tvho...@googlemail.com>
Subject Re: Towards Internet Jini Services (trust)
Date Mon, 04 Oct 2010 12:13:30 GMT
I like this.  Sim is formalising something that I've been failing to
articulate properly.

Programmatically protecting a JVM from a malicious proxy is a Hard Thing to
do, which doesn't mean we shouldn't do it.  But this approach seems cleaner
in many ways.  Not to mention it's based on existing security patterns.

On Mon, Oct 4, 2010 at 1:09 PM, Sim IJskes - QCG <sim@qcg.nl> wrote:

> On 10/04/2010 01:54 PM, Michal Kleczek wrote:
>> This is why TLS is so important. With TLS you have authentication and
>>> encryption in one solution. You can configure the level of encryption
>>> and the mechnisms for authentication differently for each application.
>>> It provides you with an end-to-end solution, so you can use any insecure
>>> path you like.
>> So you meant TLS between the client and the service in your previous post?
>> But how can the client communicate with the service before unmarshalling
>> the
>> service proxy?
> Before i can start unmarshalling, i need to load the class from the
> classloader. This classloader connects to the code providing server. The
> classloader and server handshake, and exchange certificates. If anything is
> fishy, the connection is severed, and whe only have lost the few bytes from
> the handshake.
> Gr. Sim

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message