Implementing Distributed Applications with DCOM (4)
Security
Distributing an application system over a network is a challenge, not only because of the physical limits of bandwidth and other potential issues, but also because it raises security issues among clients, among components, and between clients and components. Because many operations can now be reached by anyone on the network, access to these operations should be restricted at a high level.
If the distributed development platform provides no security support, every distributed application must implement its own security mechanism. A typical approach is a login method that asks the user for a username and password, which are generally encrypted. The application validates the user's identity against a user database or a directory and returns a dynamic identifier that the user presents on later calls. The user has to pass this security check every time a secured method is called. Each application then has to store and manage many usernames and passwords, prevent unauthorized access, and manage password changes, and it has to deal with the danger of handling passwords on the network.
A distributed platform must therefore provide a security framework that distinguishes between different users or groups of users, so that the system or application has a way of knowing who is about to operate on a component. DCOM uses the extensible security framework of Windows NT. Windows NT provides a solid set of built-in security modules that support a range of identification and authentication mechanisms, from traditional trusted-domain models to non-centrally managed, highly scalable public-key security mechanisms. The central part of the security framework is a user directory that stores the information needed to validate user credentials (username, password, public key). Most systems modeled on the Windows NT platform provide similar or identical extension mechanisms, so the mechanism can be used regardless of which security module is in use on the platform. Most UNIX versions of DCOM provide security modules compatible with the Windows NT platform.
Security settings
DCOM can provide security for distributed applications without any security-specific coding or design work in either the client or the component. The DCOM programming model also shields the component from its security requirements. The same binary code that works in a single-machine environment, where security is of no concern, can work securely in a distributed environment. DCOM achieves this transparency by letting developers and administrators configure the security settings for each component. Just as Windows NT lets administrators set access control lists (ACLs) on files and directories, DCOM stores an access control list for each component. These lists state which users or groups of users have the right to access components of a given class. They can be set with the DCOM configuration tool (DCOMCNFG) or programmatically through the Windows NT registry and Win32.
Whenever a client process calls a method or creates an instance of a component, DCOM obtains the current username associated with the current process (actually, with the currently executing thread). Windows NT guarantees that this user's credentials are authentic, and DCOM then passes the username to the machine or process where the component runs. DCOM on the component's side validates the username once more and looks it up in the component's access control list (actually, in the list of the first component run in the process that contains this component). If the user is not on the list, either directly or as a member of a listed user group, DCOM rejects the call before the component is activated. This security mechanism is completely transparent to users and components and is highly optimized. It is based on the Windows NT security framework, which is the most heavily used (and the most refined!) part of the Windows NT operating system: the same access check is performed on every access to a file or to a thread synchronization object such as an event or semaphore. The fact that Windows NT can compete with, and outperform, comparable operating systems and network operating systems demonstrates how well this security mechanism performs.
Figure 13 Security Settings
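The per-component access control lists described above are stored in the registry as binary security descriptors. The following is an added example, not part of the original article: it lists those ACLs in readable form and marks entries that grant remote rights to very broad groups. The registry path, the value names and the COM rights bit values are the ones used by current Windows versions, and the choice of which SIDs count as "broad" is an assumption of this example.

```powershell
# Added example: list per-application DCOM ACLs and mark broad remote grants.
$ComRights = [ordered]@{          # COM access-mask bits
    Execute        = 0x01         # COM_RIGHTS_EXECUTE
    ExecuteLocal   = 0x02         # COM_RIGHTS_EXECUTE_LOCAL
    ExecuteRemote  = 0x04         # COM_RIGHTS_EXECUTE_REMOTE
    ActivateLocal  = 0x08         # COM_RIGHTS_ACTIVATE_LOCAL
    ActivateRemote = 0x10         # COM_RIGHTS_ACTIVATE_REMOTE
}
# Assumption of this example: Everyone, Anonymous Logon and
# Authenticated Users are the principals treated as "broad".
$BroadSids = 'S-1-1-0', 'S-1-5-7', 'S-1-5-11'

function ConvertFrom-DcomAcl {
    param([byte[]]$Bytes, [string]$AppId, [string]$ValueName)
    # The registry value is a binary self-relative security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }          # unresolvable SID: show it raw
        $mask = $ace.AccessMask
        # Remote bits set, or an older-format ACE with no local/remote bits at
        # all, which this example conservatively treats as not limited to local.
        $remote = [bool]($mask -band 0x14) -or (($mask -band 0x1E) -eq 0)
        [pscustomobject]@{
            AppId     = $AppId
            Value     = $ValueName
            AceType   = $ace.AceType
            Principal = $name
            Rights    = ($ComRights.Keys | Where-Object { $mask -band $ComRights[$_] }) -join ','
            Review    = ($ace.AceType -eq 'AccessAllowed') -and $remote -and
                        ($BroadSids -contains $sid.Value)
        }
    }
}

Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '{*}' } |
    ForEach-Object {
        $key = $_
        foreach ($v in 'AccessPermission', 'LaunchPermission') {
            $raw = $key.GetValue($v)
            if ($raw -is [byte[]]) { ConvertFrom-DcomAcl $raw $key.PSChildName $v }
        }
    } | Sort-Object Review -Descending | Format-Table -AutoSize
```

An AppID without its own AccessPermission or LaunchPermission value falls back to the machine-wide DefaultAccessPermission and DefaultLaunchPermission values under HKLM:\SOFTWARE\Microsoft\Ole, which can be decoded with the same function.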
DCOM provides a very effective default security mechanism that lets developers build secure distributed applications without having to worry about security at all.
Programmatic control of security
For some applications, access control lists at the component level are not enough, because some methods of a component should be available only to specific users.
Example: a business accounting component might have one method for entering new transactions and another method for retrieving existing transactions. Only members of the finance group (the "Accounting" user group) may add new transactions, and only senior managers (the "Upper Management" user group) may view transactions.
As mentioned above, an application can implement its own security by managing its own user database and security credentials. However, working within a standard security framework brings more benefits to end users. Without a unified security framework, users have to remember and manage separate login credentials for every application they use, and developers have to deal with security in each component.
By building on Windows NT, DCOM makes it easy to tailor security to the requirements of particular components and applications.
How can an application choose the security it needs within the DCOM security framework? When a method call arrives, the component asks DCOM to assume the client's identity. From then on, the called thread can perform only those operations on secured objects that the client is allowed to perform. The component then tries to access a secured object, such as a registry key, that carries an access control list (ACL). If the access fails, the client is not in the ACL, and the component rejects the call. By choosing different registry keys for different methods, the component can provide selective security in a very simple yet flexible way.
Figure 14 Using registry keys for programmatic security
Components can also simply obtain the client's username and use it to look up the relevant permissions and policies in their own database. This strategy relies on the authentication mechanisms provided by the Windows NT security framework (password/public key, the transmission line, and so on). The application does not need to worry about storing passwords and other sensitive information. A new version of Windows NT will provide an extended directory service that allows applications to store user information in the Windows NT user database. DCOM is more flexible still. Components can require different levels of encryption and different levels of authentication, while components can be prevented from using the client's credentials during authentication.
Security on the Internet
Two major issues arise when designing application systems for the Internet.
The number of users on the Internet is several orders of magnitude larger than in even the largest company.
End users want to use the same public key or password for all the applications they use, even when those applications are provided by different companies. A company that provides a service cannot store the user's private password in its application or security framework.
How does DCOM's flexible security architecture help applications solve these problems? DCOM uses the security framework of Windows NT (see the Security section). The Windows NT security architecture provides multiple security modules, including:
The Windows NT NTLM authentication protocol, which is used in Windows NT 4.0 and earlier versions of Windows NT.
The Kerberos Version 5 authentication protocol, which takes over from NTLM as the most important security protocol in Windows NT.
Distributed Password Authentication (DPA), the shared-password authentication protocol used by some of the largest Internet membership organizations, such as MSN and CompuServe.
Secure channel services, which implement the SSL/PCT protocols in Windows NT 4.0. The next version of Windows NT will strengthen support for public-key protocols, supporting SSL 3.0 client authentication.
A DCE security module, which can be added to Windows NT as a third-party tool.
All of these modules work over standard Internet protocols, and each has its own advantages. The NTLM security module and the Kerberos-based module that replaces it in Windows NT 5.0 are private-key-based protocols. They are very effective in centrally managed environments and in Windows NT Server-based local area networks that use mutual or one-way trust relationships. Commercial implementations of NTLM are available for most UNIX systems (for example, AT&T's "Advanced Server for UNIX Systems").
The directory service of Windows NT 4.0 scales to approximately 100,000 users. With the extended directory service of Windows NT 5.0, a Windows NT domain controller can scale to approximately 100 million users. By combining multiple domain controllers into a Windows NT 5.0 directory tree, the number of users that can be supported in one domain is practically unlimited. The Kerberos-based security module of Windows NT 5.0 introduces more advanced security concepts, such as control over component behavior, for example during client authentication. It also uses fewer resources than the NTLM security module when performing authentication.
Windows NT 5.0 also provides a public-key-based security module. This module allows security credentials to be managed in a distributed fashion for Windows NT-based applications and DCOM-based applications. Authentication using public keys is not as efficient, but it allows authentication without having to store private credentials. Because so many different underlying security modules (private key, public key) can be used, a DCOM-based distributed application can meet even more advanced, security-sensitive requirements without any changes to the application. The Windows NT security framework makes it easy to scale applications without sacrificing flexibility or performance.