Security

Using the network for distributing an application is challenging not only because of the physical limitations of bandwidth and latency. It also raises new issues related to security between and among clients and components.

DCOM achieves the security transparency by letting developers and administrators configure the security settings for each component. Just as the Windows NT File System lets administrators set access control lists (ACLs) for files and directories, DCOM stores Access Control Lists for components. These lists simply indicate which users or groups of users have the right to access a component of a certain class. These lists can easily be configured using the DCOM configuration tool (DCOMCNFG) or programmatically using the Windows NT registry and Win32 security functions.

Security on the Internet

DCOM uses the security framework provided by Windows NT. The Windows NT security architecture supports multiple security providers, including:

• Windows NT NTLM authentication protocol
  
• The Kerberos Version 5 authentication protocol
  
• Distributed password authentication (DPA), the shared secret authentication protocol 
  
• Secure channel security services, which implement the SSL/PCT protocols in Windows NT 4.0.
  
• A DCE-compliant security provider