Firewall Wizards mailing list archives

Re: ODBC


From: Rudolf Schreiner <ras () muc de>
Date: Tue, 12 May 1998 14:11:27 +0200 (MET DST)

On Mon, 11 May 1998, Bennett Todd wrote:

> The over-the-wire protocol our developers were proposing to use was
> related to CORBA (I don't know for sure if CORBA actually specifies the
> network protocol, or if it's just another API spec).

CORBA's normal over-the-wire protocol is IIOP. IIOP is specified by the OMG 
to ensure interoperability between ORBs.

> The database backend
> was ODBC<==>CORBA. I stated that (a) database implementations are huge,
> complex, and never designed with security as a goal; (b) there were no
> security provisions available in any implementation we could find of the
> proposed protocol;

Until recently security was not CORBA's strong side. You had to implement 
it by yourself. Now many vendors support IIOP over SSL and some even the 
new security service.

> and (c) we could find no proxy that gave fine-grained
> control of the requests it would be willing to forward.

Some "CORBA proxies" are really weak about security, e.g. they tunnel 
IIOP in HTTP without any access control or you have to use a filtering 
router to limit access. The problem is that now there is no CORBA firewall 
standard, just some proposals. IMHO the best is the submission based on IONA's 
Wonderwall. The Wonderwall is a full IIOP proxy and supports filtering 
based on request header information. Filtering based on the request body 
is impossible because the proxy doesn't know the interface definition.
Another possibility is writing your own customized proxy. It's flexible 
and not very difficult, but an ORB is a big piece of complex OO software. 
Running such a huge proxy on a firewall without additional protection 
doesn't give me a good feeling.

> Based on these
> limitations we ended up replicating the data out onto a sacrificial
> machine in the DMZ, sanitizing it as best we could, and protecting that
> machine the best we could with the screening router.

Now some companies use CORBA in security sensitive areas and over 
firewalls. 

Rudi
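The distinction Rudi draws above, that an IIOP proxy like Wonderwall can filter on request header fields but not on the request body, is illustrated by the following added example (not code from the post, from IONA, or from any ORB). It parses a GIOP 1.0 Request far enough to read the request id, object key and operation name, applies an allowlist to the operation, and leaves the argument body as opaque bytes, since decoding it would require the IDL. The allowlist, object key and operation names are constructed values; the small encoder exists only to produce test input.

```python
import struct

GIOP_REQUEST = 0                                  # GIOP 1.0 MessageType Request
ALLOWED_OPS = {b"get_balance", b"list_accounts"}  # constructed allowlist (hypothetical)

def _pad(off, n):
    """Padding bytes needed to align CDR offset `off` to `n`."""
    return (-off) % n

def parse_giop_request(msg):
    """Parse a GIOP 1.0 Request; return (request_id, object_key, operation, body).
    Only the header is decoded: the body is opaque without the interface definition."""
    if len(msg) < 12 or msg[:4] != b"GIOP" or msg[4:6] != b"\x01\x00":
        raise ValueError("not a GIOP 1.0 message")
    end = "<" if msg[6] else ">"                  # byte_order flag: 0 = big-endian
    (size,) = struct.unpack(end + "I", msg[8:12])
    if msg[7] != GIOP_REQUEST or len(msg) != 12 + size:
        raise ValueError("not a complete GIOP Request")
    off = 12                                      # CDR alignment counts from message start
    def ulong():
        nonlocal off
        off += _pad(off, 4)
        (v,) = struct.unpack_from(end + "I", msg, off); off += 4; return v
    def octets():
        nonlocal off
        n = ulong(); v = msg[off:off + n]; off += n; return v
    for _ in range(ulong()):                      # service_context: sequence<ServiceContext>
        ulong(); octets()                         # context_id, context_data
    request_id = ulong()
    off += 1                                      # response_expected (boolean)
    object_key = octets()
    operation = octets()[:-1]                     # CDR string length includes trailing NUL
    octets()                                      # requesting_principal (ignored)
    return request_id, object_key, operation, msg[off:]

def build_giop_request(request_id, object_key, operation, body=b""):
    """Encode a big-endian GIOP 1.0 Request with no service contexts (test input only)."""
    out = bytearray(struct.pack(">I", 0))         # empty service_context sequence
    out += struct.pack(">IB", request_id, 1)      # request_id, response_expected = TRUE
    for field in (object_key, operation + b"\x00", b""):   # key, string, principal
        out += b"\x00" * _pad(12 + len(out), 4)
        out += struct.pack(">I", len(field)) + field
    out += body                                   # opaque arguments, appended as-is
    return b"GIOP\x01\x00\x00" + bytes([GIOP_REQUEST]) + struct.pack(">I", len(out)) + bytes(out)

def proxy_decision(msg):
    """Header-only filter: forward a request only if its operation is on the allowlist."""
    _, _, operation, _ = parse_giop_request(msg)
    return "forward" if operation in ALLOWED_OPS else "drop"
```

The filter never looks at the returned body, which is exactly the limitation described in the post: a header-only proxy cannot tell a harmless argument from a dangerous one.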


