river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregg Wonderly <gr...@wonderly.org>
Subject Re: The internet - Proxy Isolation - Denial of Service Attack.
Date Tue, 08 Feb 2011 16:26:26 GMT
On 2/8/2011 9:59 AM, Greg Trasuk wrote:
> On Tue, 2011-02-08 at 10:49, Gregg Wonderly wrote:
>> On 2/7/2011 8:44 PM, trasukg@trasuk.com wrote:
>>> Seems like this behavior ('isolate proxy') would be something you could specify
as an invocation constraint when you prepare the registrar proxy.
>> I think that they are focused specifically on the fact that the registrar is
>> already unmarshalling the proxy before you see it to do proxy preparation.  So,
>> anything it does in the no-args constructor is a point of exposure to DOS attacks.
> Right, but the registrar itself is represented by a proxy (i.e.
> LookupDiscoveryManager has a 'registrarPreparer' configuration item).
> Since this behaviour ('isolate service proxy') is orthogonal to the
> lookup method's core functionality, doesn't it make sense to put an
> invocation constraint on the _registrar_ proxy, the same as we might put
> a 'make sure communication with the registrar is confidential'
> constraint?

Okay, yes, I see where you are coming from.  I think the ILFactory contraints 
processing is a probable location to deal with this.  BasicInvocationHandler 
itself currently does nothing with constraints after the call is sent down to 
the BasicInvocationDispatcher instance.  So there would be some study needed to 
see how this might work using constraints.

Gregg Wonderly

View raw message