On 2/8/2011 9:59 AM, Greg Trasuk wrote:
> On Tue, 2011-02-08 at 10:49, Gregg Wonderly wrote:
>> On 2/7/2011 8:44 PM, [email protected] wrote:
>>> Seems like this behavior ('isolate proxy') would be something you could specify
>>> as an invocation constraint when you prepare the registrar proxy.
>> I think that they are focused specifically on the fact that the registrar is
>> already unmarshalling the proxy before you see it to do proxy preparation.  So,
>> anything it does in the no-args constructor is a point of exposure to DOS
>> attacks.
>
> Right, but the registrar itself is represented by a proxy (i.e.
> LookupDiscoveryManager has a 'registrarPreparer' configuration item).
> Since this behaviour ('isolate service proxy') is orthogonal to the
> lookup method's core functionality, doesn't it make sense to put an
> invocation constraint on the _registrar_ proxy, the same as we might put
> a 'make sure communication with the registrar is confidential'
> constraint?

Okay, yes, I see where you are coming from. I think the ILFactory constraints
processing is a probable location to deal with this. BasicInvocationHandler
itself currently does nothing with constraints after the call is sent down to
the BasicInvocationDispatcher instance. So there would be some study needed to
see how this might work using constraints.

Gregg Wonderly