DCOM distributed application (4)

Source: Internet
Author: User
Security

Distributing an application system across a network is a challenge, not only because of the physical limitations of bandwidth and the problems that come with them, but also because it creates security issues on the client side, on the component side, and between clients and components. Because many operations can be reached by anyone on the network, access to those operations must be strictly restricted.

If the distributed development platform provides no security support, each distributed application must implement its own security mechanism. A typical approach is a logon step that requires the user to present a user name and password, which are usually encrypted. The application confirms the user's identity against a user database or a related directory and returns a dynamic identifier that the user presents on subsequent method calls. From then on, the user must pass this security check every time a method with security checks is called. Every application system therefore has to store and manage many user names and passwords, prevent unauthorized access, manage password changes, and deal with the risk of sending passwords over the network. The distributed platform should therefore provide a security framework that can distinguish users in different domains and in different groups, so that the system or application knows who is operating a given component. DCOM uses the extensible security framework provided by Windows NT. Windows NT provides a solid set of built-in security providers that support a range of identification and authentication mechanisms, from the traditional trusted-domain security model to non-centrally managed, widely scalable public-key mechanisms. The central part of the security framework is a user directory, which stores the information needed to validate a user's credentials (user name, password, public key). Most systems not based on Windows NT provide similar or identical extensibility mechanisms, and DCOM can use them without caring which security provider the platform uses. Most DCOM versions for Unix provide security providers compatible with those of Windows NT.

Security Settings

DCOM provides security protection for distributed application systems without any security-specific coding or design work on clients or components. Just as the DCOM programming model hides the location of a component, it also hides the component's security requirements. Binary code that works in a stand-alone environment without any security considerations can work securely in a distributed environment. DCOM lets developers and administrators set a security environment for each component so that security remains transparent. Just as Windows NT lets administrators set access control lists (ACLs) on files and directories, DCOM stores an access control list for each component. These lists state which users or user groups may access a given class of components. They can be set easily with DCOM's configuration tool (dcomcnfg), through the Windows NT Registry, or programmatically with the Win32 security functions. Whenever a client process calls a method or creates an instance of a component, DCOM obtains the user name of the current process (actually of the thread being executed). Windows NT guarantees that this user's credentials are authentic, and DCOM passes the user name to the machine or process hosting the component. There, DCOM uses its own authentication mechanism to verify the user name again and looks it up in the component's access control list (in fact, the list of the first component running in the process that contains this component). If the user is not in the list, neither directly nor as a member of a listed group, DCOM rejects the call before the component is even activated. This security mechanism is completely transparent to clients and components and is highly optimized: it is based on the Windows NT security framework, which is the most frequently used (and most thoroughly exercised) part of the Windows NT operating system.
The same access check is performed on every access to a file or to a synchronization object such as an event or semaphore. The fact that Windows NT can compete with and surpass comparable operating systems and network operating systems in performance shows how efficient this security mechanism is.

Figure 13 Security Settings

DCOM provides a very effective default security mechanism that allows developers to develop secure distributed applications without having to worry about any security issues.
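As an added example (not code from the original article), the following PowerShell script reads the per-component Launch and Access permission lists described above through WMI, the same lists that dcomcnfg edits, and prints which trustees are allowed or denied what. The AppID GUID is a placeholder.

```powershell
# Added example (not from the original article). Reads the Launch and Access
# permission lists that DCOM keeps per component (the lists dcomcnfg edits)
# through WMI and prints who is allowed to do what. The AppID is a placeholder.
$AppId = '{00000000-0000-0000-0000-000000000000}'   # placeholder: your component's AppID

# COM_RIGHTS_* access-mask bits as defined in the Windows SDK (objbase.h)
$ComRights = @{
    1  = 'EXECUTE'          # legacy NT 4.0 style "allow" bit
    2  = 'EXECUTE_LOCAL'
    4  = 'EXECUTE_REMOTE'
    8  = 'ACTIVATE_LOCAL'
    16 = 'ACTIVATE_REMOTE'
}

function Format-ComRights([uint32]$Mask) {
    $names = foreach ($bit in ($ComRights.Keys | Sort-Object)) {
        if ($Mask -band $bit) { $ComRights[$bit] }
    }
    if ($names) { $names -join ',' } else { '0x{0:X}' -f $Mask }
}

function Show-Dacl($Descriptor, [string]$Label) {
    if ($null -eq $Descriptor) {
        # No per-component list: the machine-wide defaults set in dcomcnfg apply.
        Write-Output "$Label permission: <machine default>"
        return
    }
    foreach ($ace in $Descriptor.DACL) {
        $kind = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        $who  = $ace.Trustee.Name
        if ($ace.Trustee.Domain) { $who = '{0}\{1}' -f $ace.Trustee.Domain, $who }
        Write-Output ('{0} permission: {1,-5} {2,-30} {3}' -f
            $Label, $kind, $who, (Format-ComRights $ace.AccessMask))
    }
}

$app = Get-WmiObject -Class Win32_DCOMApplicationSetting `
    -Filter "AppID='$AppId'" -EnableAllPrivileges
if ($null -eq $app) { throw "No DCOM application with AppID $AppId is registered" }

# Launch controls who may activate (create) the component; Access controls who may call it.
Show-Dacl $app.GetLaunchSecurityDescriptor().Descriptor 'Launch'
Show-Dacl $app.GetAccessSecurityDescriptor().Descriptor 'Access'
```

Run from an elevated PowerShell; a `<machine default>` line means the component has no list of its own and inherits the machine-wide limits, which is worth checking on any server exposing components remotely.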

Security Programming Control

For some application systems, an access control list at the component level alone is not enough, because some methods in a component may only be accessed by specific users.

Example: a business settlement component might have one method for logging a new transaction and another for retrieving an existing transaction. Only members of the finance department (the "accounting" user group) may add new transactions, and only senior management (the "upper management" user group) may view them.

As mentioned in the previous section, an application system can implement its own security by managing its own user database and security credentials. Working within a standard security framework, however, brings more benefits to end users. Without a unified security framework, users must remember and manage separate logon credentials for every application they use, and developers must consider security issues separately for every component.

By building on the flexible security standards provided by Windows NT, DCOM simplifies the security requirements that specific components and applications place on their users.

How does an application that uses the DCOM security standard meet the requirements of the example above? When a method is called, the component asks DCOM to impersonate the client's identity; the calling thread then runs under that identity and can perform only the operations on secured objects that the client is permitted to perform. The component then tries to access a secured object such as a registry key. Such objects carry an access control list (ACL); if the access fails because the client is not in the ACL, the component rejects the method call. By choosing a different registry key for each method, the component can provide selective security in a very simple yet flexible and effective way.

Figure 14 Security interfaces using registry keys

The component can also easily obtain the client's user name and use it to look up the related permissions and policies in its own database. This approach relies on the authentication mechanism provided by the Windows NT security framework (password or public key, encryption on the wire, and so on), so the application system does not have to worry about storing passwords and other sensitive information. The new version of Windows NT provides an extensible directory service that lets application systems store user information in the Windows NT user database. DCOM is even more flexible: a component can require different levels of encryption and different levels of authentication, and can prevent the component from using its own credentials during identity authentication.
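As an added example (not code from the original article), this PowerShell script performs the administrative half of the scheme just described for the settlement component: it creates one registry key per protected method and grants read access only to the group allowed to call that method, so that a component which impersonates its caller and opens the key for the requested method gets an access-denied error for everyone else. The key path, domain and group names are placeholders, and the groups must already exist.

```powershell
# Added example (not from the original article). Creates one registry key per
# protected method of the settlement component and grants read access only to
# the group allowed to call that method. Run from an elevated PowerShell.
$Base = 'HKLM:\SOFTWARE\ExampleCorp\Settlement'     # placeholder key path

# method name -> group that may call it (placeholder domain and group names)
$MethodGroups = @{
    'NewTransaction' = 'EXAMPLEDOMAIN\accounting'
    'GetTransaction' = 'EXAMPLEDOMAIN\upper management'
}

foreach ($method in $MethodGroups.Keys) {
    $path = Join-Path $Base $method
    [void](New-Item -Path $path -Force)
    $acl = Get-Acl -Path $path

    # Stop inheriting the parent's ACEs and drop any explicit ones, so the only
    # grants on this key are the two added below.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in $acl.Access) { [void]$acl.RemoveAccessRule($rule) }

    # Administrators keep full control so the keys stay manageable.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
        'BUILTIN\Administrators', 'FullControl', 'Allow')))
    # The method's group gets read access: opening the key with KEY_READ while
    # impersonating a member succeeds, and fails with access denied for anyone else.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
        $MethodGroups[$method], 'ReadKey', 'Allow')))

    Set-Acl -Path $path -AclObject $acl
}

# Verify: show the resulting grants for every method key.
foreach ($method in $MethodGroups.Keys) {
    (Get-Acl -Path (Join-Path $Base $method)).Access |
        Select-Object @{ n = 'Method'; e = { $method } },
            IdentityReference, RegistryRights, AccessControlType
}
```

The component's side of the check (impersonate the caller, try to open the key named after the method with read access, revert, and fail the call on access denied) is what the article describes; this script only prepares the keys it relies on.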

Security on the Internet

Two major problems must be faced when designing public application systems for the Internet.

  • The number of users on the Internet is several orders of magnitude larger than in even the largest company.
  • End users want to use the same public key or password for all the applications they use, even when those applications are provided by different companies. Companies that provide services cannot store users' private passwords in their application systems or security frameworks.

How can the flexible security architecture of DCOM help applications solve these problems? Here too, DCOM relies on the Windows NT security framework (see the Security section). The Windows NT security architecture provides multiple security providers, including:

  • The Windows NT NTLM authentication protocol, used in Windows NT 4.0 and earlier versions of Windows NT.
  • The Kerberos version 5 authentication protocol, which succeeds NTLM as the primary security protocol for access between Windows NT machines.
  • Distributed Password Authentication (DPA), the shared-password authentication protocol used by some of the largest Internet membership organizations, such as MSN and CompuServe.
  • The Secure Channel service, which implements the SSL/PCT protocols in Windows NT 4.0. The next version of Windows NT will extend its support for public-key protocols to include SSL 3.0 client authentication.
  • A security provider proposed by the DCE, which can be used as a third-party tool on Windows NT.

All these providers work over standard Internet protocols, and each has its own advantages and disadvantages. Both the NTLM security provider and the Kerberos-based provider that replaces it in Windows NT 5.0 are private-key (shared-secret) protocols. They are very efficient and secure in centrally managed environments and in Windows NT Server-based LANs that use mutual or one-way trust relationships. Commercial NTLM implementations are available for most Unix systems (for example, AT&T's "Advanced Server for Unix Systems").

With the Windows NT 4.0 directory service, this scales well to about 100000 users. With the extended directory service of Windows NT 5.0, a single Windows NT domain controller can scale to approximately 0.1 billion users, and by combining several domain controllers into a Windows NT 5.0 directory tree, the number of users supported in a domain becomes practically unlimited. The Kerberos-based security provider of Windows NT 5.0 introduces more advanced security concepts, such as control over a component's behavior during user identity authentication, and it consumes fewer resources during authentication than the NTLM security provider. Windows NT 5.0 also provides a public-key based security provider, which distributes security credentials to Windows NT-based and DCOM-based applications. Public-key authentication is not as efficient as private-key authentication, but it allows identity authentication without storing the client's private credentials. Because so many different underlying security providers (private key and public key) are available, DCOM-based distributed application systems can grow into larger and even more security-sensitive applications without any changes. The Windows NT security framework makes it easy to scale an application and keep it secure without sacrificing flexibility or performance.
