2 Replies Latest reply on Jan 24, 2003 6:54 AM by oz59

What's to stop someone from maliciously extending NTLoginMod

oz59 Jan 24, 2003 12:44 AM

Greetings all.

I'm a JAAS newbie and can't seem to get passed this problem:

Would it be possible for someone to simply extend, for example, NTLoginModule, and then set extended (bogus) Principals in the Subject, hence potentially tricking server side logic when it attempts to assign authorization credentials? What kind of logic would be necessary on the server to prevent this? Is it even possible in the first place?

Thanks for your thoughts.

1. Re: What's to stop someone from maliciously extending NTLogi

petertje Jan 24, 2003 3:59 AM (in response to oz59)

If you are using client-side authentication, the answer is yes. But if you're using server-side authentication, and you have secured your server (file system) appropriately, they can't......

Does this answer your question, or am i missing your point?

Cheers,
Peter.
Actions
2. Re: What's to stop someone from maliciously extending NTLogi

oz59 Jan 24, 2003 6:54 AM (in response to oz59)

> If you are using client-side authentication, the
> answer is yes. But if you're using server-side
> authentication, and you have secured your server
> (file system) appropriately, they can't......
>
> Does this answer your question, or am i missing your
> point?
>
> Cheers,
> Peter.

Yes, it would be client-side authentication w/ the knowledge that they'd at least have permission to access the middle tier to gain further authorization according to the server's business rules (on the assumption that the Subject is legitimately who they claim to be). The NTUserPrincipal would be run against some repository to make sure things match up.

This is basically an EAI scenario where the single sign-on isn't necessarily through the server.

Is there a fool-proof way to ensure that the Principals retrieved via the Subject are the exact classes in my server's classpath?

Thanks again for any thoughts.
Actions

Go to original post