Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Modeling » EMF » [CDO] Security aspects for access rights
[CDO] Security aspects for access rights [message #1780011] Tue, 16 January 2018 14:17 Go to next message
Robert Schulk is currently offline Robert SchulkFriend
Messages: 33
Registered: July 2015
Member
Hi all,

has there ever been any analysis/review of the security for access to the CDO database? Is the security implementation CDO specific or are there off-the-shelf components used for critical parts?

The general question that I am asking myself is: could I expose a CDO server directly to the internet, or would it be wise to use some VPN or similar on top?
Re: [CDO] Security aspects for access rights [message #1780037 is a reply to message #1780011] Tue, 16 January 2018 17:21 Go to previous message
Eike Stepper is currently offline Eike StepperFriend
Messages: 6380
Registered: July 2009
Senior Member
Robert Schulk wrote on Tue, 16 January 2018 15:17
Hi all,

has there ever been any analysis/review of the security for access to the CDO database?


I'm not aware of any such analysis.

Robert Schulk wrote on Tue, 16 January 2018 15:17
Is the security implementation CDO specific or are there off-the-shelf components used for critical parts?


That depends a little bit on what "security" is for you. Let's assume that security is a combinatoin of authentication and authorization.

Authentication in CDO is implemented with a Diffie-Hellman protocol (see org.eclipse.net4j.util.security.DiffieHellman) that allows clients to hook in a credentials provider (see org.eclipse.emf.cdo.session.CDOSessionConfiguration.setCredentialsProvider) and allows the server to hook in an authenticator (see org.eclipse.emf.cdo.server.ISessionManager.setAuthenticator).

For authorization there exist a number of hooks in the server. The most important ones are write access handlers (see org.eclipse.emf.cdo.server.IRepository.addHandler) and permission managers (see org.eclipse.emf.cdo.spi.server.InternalSessionManager.setPermissionManager). They're all a bit low-level, but there's a nice default implementation in org.eclipse.emf.cdo.server.internal.security.SecurityManager, which is documented in https://wiki.eclipse.org/CDO/Security_Manager .

Robert Schulk wrote on Tue, 16 January 2018 15:17
The general question that I am asking myself is: could I expose a CDO server directly to the internet, or would it be wise to use some VPN or similar on top?


Hard to decide without knowing about your specific concerns. I'd say, the more restrictions on networking level the better ;-)
Previous Topic:Annoted Java generation broken in latest EMF?
Next Topic:[XCORE] generated class files not updated
Goto Forum:
  


Current Time: Sun May 27 23:17:11 GMT 2018

Powered by FUDForum. Page generated in 0.01885 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top