2 Replies Latest reply on Jan 24, 2003 6:54 AM by Andrew Oswald

    What's to stop someone from maliciously extending NTLoginMod

    Andrew Oswald Newbie

      Greetings all.

I'm a JAAS newbie and can't seem to get past this problem:

      Would it be possible for someone to simply extend, for example, NTLoginModule, and then set extended (bogus) Principals in the Subject, hence potentially tricking server side logic when it attempts to assign authorization credentials? What kind of logic would be necessary on the server to prevent this? Is it even possible in the first place?

      Thanks for your thoughts.

        • 1. Re: What's to stop someone from maliciously extending NTLogi
          Peter Doornbosch Apprentice

          If you are using client-side authentication, the answer is yes. But if you're using server-side authentication, and you have secured your server (file system) appropriately, they can't......

Does this answer your question, or am I missing your point?

          Cheers,
          Peter.

          • 2. Re: What's to stop someone from maliciously extending NTLogi
            Andrew Oswald Newbie

            > If you are using client-side authentication, the
            > answer is yes. But if you're using server-side
            > authentication, and you have secured your server
            > (file system) appropriately, they can't......
            >
> Does this answer your question, or am I missing your
> point?
            >
            > Cheers,
            > Peter.

            Yes, it would be client-side authentication w/ the knowledge that they'd at least have permission to access the middle tier to gain further authorization according to the server's business rules (on the assumption that the Subject is legitimately who they claim to be). The NTUserPrincipal would be run against some repository to make sure things match up.

            This is basically an EAI scenario where the single sign-on isn't necessarily through the server.

            Is there a fool-proof way to ensure that the Principals retrieved via the Subject are the exact classes in my server's classpath?

            Thanks again for any thoughts.
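One way the server side can at least reject a Principal that is a subclass of the expected class, written as an added example for this thread rather than code from either poster: `Subject.getPrincipals(Class)` matches by `instanceof`, so an extended Principal passes it, and the runtime class has to be compared exactly. The repository of known users is a constructed stand-in for the real one; `com.sun.security.auth.NTUserPrincipal` is the JDK class the thread names.

```java
import java.util.Set;
import javax.security.auth.Subject;
import com.sun.security.auth.NTUserPrincipal;

public final class SubjectValidator {

    // Constructed sample repository: the only NT user names this server recognises.
    private static final Set<String> KNOWN_USERS = Set.of("alice", "bob");

    /**
     * Returns the validated user name, or null if the Subject is rejected.
     * Rejects a Subject with more or fewer than one NT user principal, any
     * principal whose runtime class is not exactly NTUserPrincipal, and any
     * name that is not in the server-side repository.
     */
    public static String validate(Subject subject) {
        Set<NTUserPrincipal> users = subject.getPrincipals(NTUserPrincipal.class);
        if (users.size() != 1) {
            return null;
        }
        NTUserPrincipal p = users.iterator().next();
        // getPrincipals(Class) accepts subclasses, so compare the exact class here.
        if (p.getClass() != NTUserPrincipal.class) {
            return null;
        }
        String name = p.getName();
        return KNOWN_USERS.contains(name) ? name : null;
    }

    // Hypothetical extended principal, of the kind the question worries about.
    static final class ExtendedPrincipal extends NTUserPrincipal {
        ExtendedPrincipal(String name) { super(name); }
    }

    public static void main(String[] args) {
        Subject genuine = new Subject();
        genuine.getPrincipals().add(new NTUserPrincipal("alice"));
        System.out.println(validate(genuine));          // alice

        Subject extended = new Subject();
        extended.getPrincipals().add(new ExtendedPrincipal("alice"));
        System.out.println(validate(extended));         // null (subclass rejected)

        Subject unknown = new Subject();
        unknown.getPrincipals().add(new NTUserPrincipal("mallory"));
        System.out.println(validate(unknown));          // null (not in repository)
    }
}
```

The exact-class check only rules out subclasses; a client can still construct the genuine class with any name it likes, so this is a sanity check on top of the server-side authentication Peter describes, not a replacement for it.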