The Artima Developer Community
Sponsored Link

Jini Security
A Conversation with Bob Scheifler, Part I
by Bill Venners
July 8, 2002

<<  Page 4 of 5  >>


Proxy Trust

Bob Scheifler: The second ramification of dynamically downloaded code is the question of proxy trust. I have this downloaded code for the proxy, and I talk to you, the service, through that code. Somehow I decide to trust that code to do the right thing. For a simple example, say I download a proxy for you from somewhere, and I want to make a call through that proxy. I want to tell it, "Make sure the other end authenticates as Bill Venners." How do I know the proxy isn't simply going to lie and say, "Oh, yeah, sure, Bill's at the other end"? When I say, "Please transfer a hundred dollars," how do I know it won't say, "Oh, yeah, I transferred it," but transfer a thousand dollars instead?

Once I dynamically download code, and I perform any operation that has any sensitivity or liability—anything in the real world—I will be concerned whether I actually trust that code. Do I trust the proxy to carry out my requests and operate as I expect it to operate? We have to explicitly decide we trust the proxy in order to use it.

<<  Page 4 of 5  >>

Copyright © 1996-2018 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use