Distributed system s middleware dcom s activex versus java s javabeans and corba s iiop
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on
  • Presentation posted in: General

Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP. COM. Component Object Model or Common Object Model Promoted by Microsoft as a general-purpose architecture for building component-based software

Download Presentation

Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Distributed system s middleware dcom s activex versus java s javabeans and corba s iiop

Distributed System’s Middleware:DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP


Distributed system s middleware dcom s activex versus java s javabeans and corba s iiop

COM

  • Component Object Model or Common Object Model

  • Promoted by Microsoft as a general-purpose architecture for building component-based software

  • Main purpose was to define reusable objects for which designer could use to create larger systems from these objects


Com continued

COM continued

  • Allows developer to create COM objects not specific to any languages or platform as long as they stick to the binary structure Microsoft proposed.

    • Can interoperate with each other


Introduction to dcom

Introduction to DCOM

  • COM on a wire

  • DCOM stands for Distributed COM

  • Basically, DCOM allows use of component objects present on different machines either within or across networks

  • Put in another way, DCOM is COM on steroids.


Activex

ActiveX

The Chaos Computer Club of Hamburg, Germany showed how

to move funds from one back account to another - all using an

ActiveX control. This control tricks finance software Quicken

into removing funds from a user's account when a user logs on

to their bank. Microsoft, the developer of ActiveX, heard

about the incident after receiving a phone call from someone

in Germany who viewed the Chaos Computer Club's story on

German national television.

This incident illustrates the potential dangers

associated with ActiveX. Unlike Java applets, which are not

capable of reading or writing to local files, ActiveX can do

nearly anything.

Microsoft plans to launch an ActiveX education campaign

in response to this attack.


Some quotes

Some Quotes

  • “Microsoft's core competency is monopolization” Steve Litt, 9/6/2000

  • Yesterday OLE, COM, DCOM, MFC, IIS, ASP. Today C# and Microsoft.Net. What next? The Open Source world is one of continuous improvement. The Microsoft world is one of continuous U turns.

  • Getting back to technology selection. There are some who believe Microsoft's line that their software provides "interoperability". Don't fall for that line. Microsoft's technology provides crash-prone non-modular systems whose primary design feature is to enhance Microsoft's monopoly power. You can do better than that. Just say no to Microsoft.


Introduction to activex

Introduction to ActiveX

  • Set of technologies that enables interactive content for WWW

  • Can be invoked from web pages through the use of a scripting language or directly with an HTML object tag

  • Can be signed or unsigned

    • Signed control provides a high degree of verification that the control was produced by the signer


Activex continued

ActiveX continued

  • Doesn’t guarantee the trustworthiness of the control’s intended functions.

  • ActiveX are binary code

  • ActiveX executables can be configured to run in certain machines, under certain conditions

    • Allowing for scalability

    • Allowing for increase security


  • Dcom activex vs corba vs java

    DCOM/ActiveX vs CORBA vs Java

    • Openness

      • Java, CORBA : yes

      • DCOM/ActiveX: somewhat

    • Platform Independence

      • Java, CORBA: yes

      • DCOM/ActiveX:no


    Why dcom activex isn t as platform independent as java or corba

    Why DCOM/ActiveX isn’t as platform independent as Java or CORBA

    • “Microsoft unapologetically will make sure ActiveX works best on Windows” –Bob Muglia, Microsoft (Source: Client Server News and Red Herring Magazine)

    • DCOM/ActiveX isn’t supported on MS-DOS or 16-bit Windows environment


    Comparisons continued

    Comparisons continued

    • Language Independce

      • Java: no

      • DCOM/ActiveX: somewhat

      • CORBA: yes

    • WWW support

      • Java: yes

      • DCOM/ActiveX: 32 bit windows only

      • CORBA: yes


    Comparisons continued1

    Comparisons continued

    • Scalable?

      • CORBA: definitely yes

      • Java: more so than ActiveX

      • DCOM/ActiveX: no

    • Security:

      • CORBA: yes

      • DCOM/ActiveX: no

      • Java’s JavaBeans: yes


    Comparisons continued2

    Comparisons continued

    • Benefits:

      • ActiveX: a. reusable components

        • b. has more capabilities than Java’s JavaBeans

        • c. are available to meet many needs and functionalities

      • JavaBeans: a. reusable

        • b. secure

        • c. trusted JavaBeans has more functionalities than regular applets.

          -CORBA: a. mature


    Comparisons continued3

    Comparisons continued

    • DCOM’s main competitor is CORBA; whereas, ActiveX main competitor is Java’s JavaBeans

    • CORBA and Java complement each other.


    Fallacies regarding activex

    Fallacies regarding ActiveX

    • All ActiveX controls are unsafe

    • All ActiveX controls either are the same as regular executable files or differs from them completely

    • ActiveX controls make IE unsafe due to its lack of security

    • ActiveX controls are safe because they are signed


    Fallacies continued

    Fallacies continued

    • All ActiveX controls problems can be avoided if you just avoid using IE


    Activex security and risks

    ActiveX Security and Risks

    Can be divided as follows:

    1.Imported/Install Controls

    2a. Scripted Controls

    2b. Execution Controls


    Imported installed controls

    Imported/Installed Controls

    • Has no way to measure their capabilities

      • Should be base on the source of the control

      • Inadequate for 2 reasons:

        • Signer of control may not be able to determine the control safety as the end user is

        • End user must trust the distribution sequence. That is, it wasn’t modify somewhere in that distribution sequence to make it malicious

    • Signatures persist


    Imported installed controls1

    Imported/Installed Controls

    • Controls need only be registered once per machine

      • Will lead to problems if a machine is shared by multiple users. Any one user is capable of downloading a control, at which point it is available to all the users on that machine.

      • Even worse if the machine is shared on a network

    • Controls does not always has a solution to a particular vulnerability.


    Scripted controls

    Scripted Controls

    • Responsible for implementing their own security

    • Can be used in ways that were unintended by its original author. Can lead to unexpected behaviors that could be exploited by hackers

    • Can invoke other controls without the user knowledge.


    Scripted controls1

    Scripted Controls

    • Can escape the confines of the IE’s environment

    • Controls’ engines might not provide IE’s security regarding ActiveX

    • Its cross-site scripting is poorly understood

      • Can lead to vulnerabilities regarding cross-site scripting attacks


    Execution controls

    Execution Controls

    • Running controls has more capabilities than tools that run strictly in IE’s environment

      • Due to fact it is native code

    • Running controls can be based on IE’s securities. However, ActiveX controls do not rely on IE; can be installed and executed without using IE.


    Execution controls cont

    Execution Controls Cont.

    • Running controls run under the privileges of current user. No known way of restricting its privileges

    • Running controls do not have an effective level of abstraction

    • Running controls are fairly difficult to assess and manage

    • Running controls’ securities are fairly coarse. It’s all-or-nothing in IE.


    Securing activex controls

    Securing ActiveX Controls

    • Using Administrator Approved setting

    • Using Authenticode

    • Using CodeBaseSearchPath

    • Using Internet Explorer Administrator Kit

    • Using IObjectSafety

    • Using kill bit

    • Using security zones including a fifth built-in zone, called ‘My Computer’ zone


    Broadening activex appeal

    Broadening ActiveX Appeal

    • Make it more secure through the use of some kind of sandbox like Java

    • Make it where it is platform independent like .NET or JVM

    • Don’t have this windows-only mentality


    Conclusions

    Conclusions

    • Microsoft can make ActiveX more appealing if they were to provide more security to ActiveX

    • They need to embrace CORBA not work against it

    • They need to work with Java, not against it


  • Login