DCOM Security Categories

The following security categories are important in DCOM:

Category Meaning
Access security Specifying which clients have the right to connect with a running object. Clients might not have the right to launch a server but might be allowed to connect to one if it is already running.
Launch (activation) security Specifying which clients can start the execution of the server process on the remote machine.
Call security This essentially allows for security blanket negotiation on a 'per interface instance' level. More precisely, it enables the client to set the security blanket for each server interface proxy object which allows the server to check the security blanket per call when it arrives.

It is important to have call level security in DCOM. After a successful launch, the client might pass a remote interface pointer (actually a proxy) to another unauthorized client. If security isn't provided on a per call level, the system can be compromised.

© 1997 by Wrox Press. All rights reserved.