river-dev mailing list archives

From Greg Trasuk <tras...@stratuscom.com>
Subject Re: The internet - Proxy Isolation - Denial of Service Attack.
Date Tue, 08 Feb 2011 15:59:37 GMT

On Tue, 2011-02-08 at 10:49, Gregg Wonderly wrote:
> On 2/7/2011 8:44 PM, trasukg@trasuk.com wrote:
> > Seems like this behavior ('isolate proxy') would be something you could specify
> > as an invocation constraint when you prepare the registrar proxy.
> I think that they are focused specifically on the fact that the registrar is 
> already unmarshalling the proxy before you see it to do proxy preparation.  So, 
> anything it does in the no-args constructor is a point of exposure to DOS attacks.

Right, but the registrar itself is represented by a proxy (i.e.
LookupDiscoveryManager has a 'registrarPreparer' configuration item). 
Since this behaviour ('isolate service proxy') is orthogonal to the
lookup method's core functionality, doesn't it make sense to put an
invocation constraint on the _registrar_ proxy, the same as we might put
a 'make sure communication with the registrar is confidential'


Greg Trasuk, President
StratusCom Manufacturing Systems Inc. - We use information technology to
solve business problems on your plant floor.
