summaryrefslogtreecommitdiff
path: root/TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README
diff options
context:
space:
mode:
Diffstat (limited to 'TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README')
-rw-r--r--TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README172
1 files changed, 172 insertions, 0 deletions
diff --git a/TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README b/TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README
new file mode 100644
index 00000000000..7eebb03ebfb
--- /dev/null
+++ b/TAO/orbsvcs/DevGuideExamples/Security/SecurityUnawareApp/README
@@ -0,0 +1,172 @@
+TAO Security
+
+DevGuideExamples/Security/SecurityUnawareApp/README
+
+This directory contains an illustration of a security unaware
+application. The examples vary the client's configuration to
+demonstrate different features. For each of these examples,
+however, the client and server process code remains the same.
+
+For readability, long text lines from the example's service
+configuration files are split into multiple lines. A backslash
+indicates the end of partial line except for the final fragment.
+The backslashes should be removed and the fragments joined for
+use with the example programs.
+
+For simplicity, the pass phrases have been stripped from the
+private keys included with these examples in the 1.2a release.
+This *should not* be construed as a recommended practice. Instead,
+OCI strongly recommends that the security requirements of each
+real-world application be evaluated carefully and that appropriate
+procedures and practice be established accordingly. Private keys
+without pass phrase protection are easily compromised and may
+allow an unauthorized party to masquerade as an authorized system
+user.
+
+Prior to running the server in these examples, the SSL_CERT_FILE
+environment variable must be set, e.g.,
+ # /bin/bash
+ export SSL_CERT_FILE=cacert.pem
+or
+ rem Windows
+ set SSL_CERT_FILE=cacert.pem
+
+For examples 1 and 2, the client's environment should also
+define SSL_CERT_FILE appropriately. The final example
+demonstrates how to establish a connection between a client
+and server such that the client does not authenticate the
+server and therefore does not need a value for SSL_CERT_FILE.
+
+
+
+Example 1: Secured server and unsecured client
+----------------------------------------------
+The server is configured to accept requests only via secured
+connections. No specific configurationi is provided for the
+client so it has the default configuration.
+
+The server's configuration is:
+
+#
+# server.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of server.conf
+#
+
+To run the server:
+ ./MessengerServer -ORBSvcConf server.conf
+
+To run the client:
+ ./MessengerClient
+
+
+
+Example 2: Secured server and unsecured client
+----------------------------------------------
+Both server and client are configured to issue and accept
+requests via secured connections.
+
+The server's configuration is:
+
+#
+# server.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of server.conf
+#
+
+The client's configuration is:
+
+#
+# client.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of client.conf
+#
+
+To run the server:
+ ./MessengerServer -ORBSvcConf server.conf
+
+To run the client:
+ ./MessengerClient -ORBSvcConf client.conf
+
+
+
+Example 3: client doesn't authenticate server
+---------------------------------------------
+The client is configured such that it doesn't authenticate
+the server. It still employs an encrypted connection but,
+since it doesn't need a CA certificate, no value for
+SSL_CERT_FILE is required.
+
+The server's configuration is:
+
+#
+# server.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of server.conf
+#
+
+The client's configuration is:
+
+#
+# client.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate NONE \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of client.conf
+#
+
+To run the server:
+ ./MessengerServer -ORBSvcConf server.conf
+
+To run the client:
+ ./MessengerClient -ORBSvcConf client.conf
+
+If a value for SSL_CERT_FILE has already been placed in the
+client's environment, the client may be executed as follows (on
+Unix platforms):
+ SSL_CERT_FILE= ./MessengerClient -ORBSvcConf client.conf
+
+
+
+--------------------------------------------------
+Files: DevGuideExamples/Security/SecurityUnawareApp/
+
+Messenger.idl - Messenger interface definition.
+Messenger_i.h - Messenger servant class definition.
+Messenger_i.cpp - Messenger servant implementation.
+MessengerServer.cpp - MessengerServer process main.
+MessengerClient.cpp - MessengerClient process main.
+
View Lorry Controller Status