09-05-2004
|
#1 |
|
|
RMI Security
Our company is developing a distributed RMI application for a hospital. In this app, the permissions of accessing remote services depend on the role of the user. Currently, we are thinking of putting the security check on the GUI, i.e. if the user cannot perform a delete action then the delete button is disabled however there are 2 issues regarding this (???): -We wonder if it is possible for a program to change the state of a control (i.e. enable a button) of the Java GUI? -Secondly, what if someone just write another client app, retrieving the services from the registry and invoke the methods of them? Are the 2 actions are possible? -If no, then is it true that we can go on with the client security check only or there is other threat besides the above? -If yes, then we have to perform another check on the server-side, i.e. place in every single remote method a security check against the user p***ed in the method as well (as a additional parameter)? Or is there any better way to do this kind of server check? We are looking forwards to any ideas and suggestions! Thank you! |
|
09-05-2004
|
#2 |
|
|
Re: RMI Security
"Buu Nguyen" <buunguyen@psv.com.vn> wrote in message news:edc2d878.0409050510.125ce460@posting.google.c om... > Hi everyone, > > Our company is developing a distributed RMI application for a > hospital. In this app, the permissions of accessing remote services > depend on the role of the user. Currently, we are thinking of putting > the security check on the GUI, i.e. if the user cannot perform a > delete action then the delete button is disabled however there are 2 > issues regarding this (???): > > -We wonder if it is possible for a program to change the state of a > control (i.e. enable a button) of the Java GUI? > > -Secondly, what if someone just write another client app, retrieving > the services from the registry and invoke the methods of them? This is the key security issue and why you shouldn't rely on the GUI to do security for you. Anyone that can connect to your server may make up any data they choose and do whatever they please unless you make the server perform authentication and permission checking. If security is critical to your application you're going to have to design a real security presentation mechanism through your RMI protocol that your GUI can link into it and know in advance (for the user's sake) what actions are permitted and which are not. Even if you make this very simple, in the worst case, the user willll simply get an access violation dialog without causing any damage or otherwise crashing the program. Cheers, Matt Humphrey matth@ivizNOSPAM.com http://www.iviz.com/ |
|
09-06-2004
|
#3 |
|
|
Re: RMI Security
> This is the key security issue and why you shouldn't rely on the GUI to do > security for you. Anyone that can connect to your server may make up any > data they choose and do whatever they please unless you make the server > perform authentication and permission checking. If security is critical to > your application you're going to have to design a real security presentation > mechanism through your RMI protocol that your GUI can link into it and know > in advance (for the user's sake) what actions are permitted and which are > not. Even if you make this very simple, in the worst case, the user willll > simply get an access violation dialog without causing any damage or > otherwise crashing the program. > > Cheers, > Matt Humphrey matth@ivizNOSPAM.com http://www.iviz.com/ Can you suggest a way to do it efficiently? For our case, we're gonna place an ***ertion of permission in every remote method call and seem to be cubersome, thus we expect something like a filter (like one of the Servlet Container) that can be plugged into RMI to ***ert permission of a caller before forward it to the approriate function call. Is it possible? |
Linear Mode
