Skip to main content


Eclipse Community Forums

      Home
Home » Modeling » EMF » [CDO] Security aspects for access rights
[CDO] Security aspects for access rights [message #1780011] Tue, 16 January 2018 09:17 Go to next message
Eclipse UserFriend
Hi all,

has there ever been any analysis/review of the security for access to the CDO database? Is the security implementation CDO specific or are there off-the-shelf components used for critical parts?

The general question that I am asking myself is: could I expose a CDO server directly to the internet, or would it be wise to use some VPN or similar on top?
Re: [CDO] Security aspects for access rights [message #1780037 is a reply to message #1780011] Tue, 16 January 2018 12:21 Go to previous message
Eclipse UserFriend
Robert Schulk wrote on Tue, 16 January 2018 15:17
Hi all,

has there ever been any analysis/review of the security for access to the CDO database?


I'm not aware of any such analysis.

Robert Schulk wrote on Tue, 16 January 2018 15:17
Is the security implementation CDO specific or are there off-the-shelf components used for critical parts?


That depends a little bit on what "security" is for you. Let's assume that security is a combinatoin of authentication and authorization.

Authentication in CDO is implemented with a Diffie-Hellman protocol (see org.eclipse.net4j.util.security.DiffieHellman) that allows clients to hook in a credentials provider (see org.eclipse.emf.cdo.session.CDOSessionConfiguration.setCredentialsProvider) and allows the server to hook in an authenticator (see org.eclipse.emf.cdo.server.ISessionManager.setAuthenticator).

For authorization there exist a number of hooks in the server. The most important ones are write access handlers (see org.eclipse.emf.cdo.server.IRepository.addHandler) and permission managers (see org.eclipse.emf.cdo.spi.server.InternalSessionManager.setPermissionManager). They're all a bit low-level, but there's a nice default implementation in org.eclipse.emf.cdo.server.internal.security.SecurityManager, which is documented in https://wiki.eclipse.org/CDO/Security_Manager .

Robert Schulk wrote on Tue, 16 January 2018 15:17
The general question that I am asking myself is: could I expose a CDO server directly to the internet, or would it be wise to use some VPN or similar on top?


Hard to decide without knowing about your specific concerns. I'd say, the more restrictions on networking level the better ;-)
Previous Topic:Annoted Java generation broken in latest EMF?
Next Topic:[XCORE] generated class files not updated
Goto Forum:
  


Current Time: Wed Jul 23 12:51:00 EDT 2025

Powered by FUDForum. Page generated in 0.08118 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly