safety
Using the network to distribute application system to a challenge, not only because of the physical limitations of bandwidth and some potential issues, but also because it produces some security issues between customers, components, and clients and components. Because many of the operations can be accessed by any person in the network, access to these operations should be limited to a high level.
If the distributed development platform does not provide safe support, each distributed application must complete your own security mechanism. A typical method is to use a certain login method to require the user to detect the username and password, which is generally encrypted. The application system will confirm the above user identity through the user database or the relevant directory, and return dynamic identifiers so that the user is used to call. User needs to pass this security check each time you involve a safe checkup method. Each application system has to store and manage many usernames and passwords, preventing users from performing unauthorized access, management password changes, and is dangerous to handle passwords on the network. Therefore, the distributed platform must provide a security framework to independence different users or different groups of users so that the system or application has a way to know who will operate a component. DCOM uses the extended security frame for Windows NT. Windows NT offers a set of solid built-in security modules that offer a complex identity confirmation and authentication mechanism from traditional credit fields to non-centralized management models, which greatly expands public key security mechanisms. The central part of the security frame is a user directory that stores the necessary information used to confirm the user credentials (username, password, public key). Most of the Windows NT platform-based systems provide similar or identical extension mechanisms, we can use this mechanism without using which security module is used on this platform. Most DCOM's UNIX versions provide security modules with Windows NT platforms.
Security settings
DCOM does not need to make any coding and design work for any specifically for security on the client and components, can provide security guarantees for distributed applications. As the DCOM programming model is blocked, it also shields the security needs of the component. The binary code that works in a single-machine environment that does not need to consider the safety of safety can work in a safe way in a distributed environment. DCOM enables the developer and administrators to set security environments for each component to make security transparency. Just like the Windows NT allows administrators to set the Access Control List (ACLS) for files and directory, DCOM stores the component's access control list. These lists clearly indicate which users or user groups have access to a component of a class. These lists can be set by using the DCM setup tool (DCMCNFG) or the REGISTRY of Windows NT and Win32 in programming. As long as a customer process calls a method or creates an instance of a component, DCOM can get the current user name of the user using the current process (actually being currently being executed). Windows NT ensures that this user's credentials are reliable, then DCOM will run the username's machine or process. Then the DCOM on the component once again checks the user name again, and finds the component in the Access Control List (actually looking for the first component that is running in the process of this component). If this user is not included in this list (neither directly in this table is not a member of a user group), DCOM will reject this call before the component is activated. This security mechanism is completely transparent to users and components and is highly optimized. It is based on a Windows NT security framework, and this framework is the most often used (also the most perfect!) In the Windows NT operating system, and access to each pair file or synchronous thread, such as an event or signal. The same access check. Windows NT can compete with similar operating systems and network operating systems and exceed their facts that this security mechanism can be displayed.
Figure 13 Security Settings
DCOM provides a very effective default security mechanism that enables the developer to develop secure distributed applications without any security issues. Programming control for security
For some application systems, it is not enough to access control lists of the component level because some of the methods in one component are only available by specific users.
Example: A business settlement component can have a method to log in to a new transaction, and another method is used to get existing transactions. Only only financial groups ("Accounting" user group) can add new transactions, and only senior managers ("Upper Management" user group) can view transactions.
As mentioned in the above, the application system can achieve its own security by managing your own user database and security credentials. However, work under a standard security framework will bring more benefits to end users. Without a unified security framework, users need to remember and manage the corresponding login credentials for each application they use. Developers can deliver security issues for each component.
DCOM provides security user-friendly requirements to certain components and applications by joining Windows NT.
What is the choice of security as required by the application of DCOM security standards? When a method call is coming, the component requires DCOM to provide the customer's identity. Then, according to its identity, the called thread only performs some of the operations in the security objects that the customer executes. Then, the component will try to access security objects such as login characters. There is an access control list ACL in these objects. If the access fails, the customer is not in the ACL, the component refuses to call. By selecting different login words, components can be used in a very simple, but flexible, based on different login characters, but flexible, but flexible.
Figure 14 Using the security interface of login word
Components can easily get customer usernames and use it to find relevant licensing and strategies in their own database. This strategy uses the identification mechanism provided by the security framework of Windows NT (password / public key, transmission line, etc.). The application system does not need to worry about the storage password and other relevant sensitive information. The new version of Windows NT will provide an extended directory service that allows the application to store user information into the user database of Windows NT. DCM is more flexible. Components can require different levels of encryption and different levels of identification, while preventing components from using their own credentials while identifying authentication.
Security on the Internet
It needs to face two major issues when designing application systems on the Internet.