Remote configuration of software component using proxy
Abstract
A proxy service receives requests from a remote caller to configure a main service. The proxy service authenticates the caller and validates the request. The proxy service then passes the request along to the main service if the caller can be authenticated and if the request can be validated. The proxy service runs at a non-privileged level, but when the proxy service passes the request to the main service, the proxy service impersonates the caller so that the request to the main service is made at the original caller's level of privilege. The main service can block all inbound network traffic, since network requests to configure the main service are received by the proxy, which is a local object from the perspective of the main service. Additionally, the proxy can block inbound traffic other than a certain class of requests (e.g., Remote Procedure Calls).
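The flow described in the abstract, modeled as an added example that is not code from the patent or from any product. The HMAC-based caller authentication, the caller names, the privilege table, the `log_level` setting and the rule encoding are all assumptions made for illustration.

```python
import hashlib
import hmac
from contextlib import contextmanager

# Constructed sample data (assumptions): caller keys, privilege levels, settable values.
CALLER_KEYS = {"alice": b"k-alice", "bob": b"k-bob"}
PRIVILEGE = {"alice": "admin", "bob": "user", "proxy": "non-privileged"}
SCHEMA = {"log_level": {"debug", "info", "error"}}
# Stored rules: the main service gets no network traffic at all; the proxy
# accepts inbound RPC only and is never allowed outbound traffic.
RULES = {"main": set(), "proxy": {("in", "rpc")}}

def sign(caller, key, value):
    """Tag a remote caller would attach to a request (hypothetical scheme)."""
    msg = f"{caller}|{key}|{value}".encode()
    return hmac.new(CALLER_KEYS[caller], msg, hashlib.sha256).hexdigest()

class MainService:
    def __init__(self):
        self.config = {"log_level": "info"}
    def configure(self, identity, key, value):
        # Authorization is decided on the identity the local call runs under.
        if PRIVILEGE.get(identity) != "admin":
            raise PermissionError(f"{identity} may not configure the service")
        self.config[key] = value

class ProxyService:
    def __init__(self, main):
        self.main, self.identity = main, "proxy"
    @contextmanager
    def impersonate(self, caller):
        previous, self.identity = self.identity, caller
        try:
            yield
        finally:
            self.identity = previous  # always drop back to the proxy's own level
    def handle(self, direction, kind, caller, key, value, tag):
        if (direction, kind) not in RULES["proxy"]:
            return "blocked"          # anything other than inbound RPC
        if caller not in CALLER_KEYS or not hmac.compare_digest(sign(caller, key, value), tag):
            return "unauthenticated"  # identity criterion failed
        if value not in SCHEMA.get(key, ()):
            return "invalid"          # validity criterion failed
        try:
            with self.impersonate(caller):
                self.main.configure(self.identity, key, value)
        except PermissionError:
            return "denied"           # caller's own privilege was insufficient
        return "applied"
```

Because the main service authorizes on the impersonated identity, a request from a low-privilege caller is refused even though it passed the proxy's authentication and validation, and the proxy's own non-privileged identity is never used to change configuration.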
20 Claims
1. A system for enabling a first software object to be configured remotely by an entity, the system comprising:
- a second software object that executes on a machine on which said first software object executes, that receives one or more instructions from said entity through a network, that performs one or more authentications on said entity, and that configures said first software object in accordance with said one or more instructions if said entity satisfies said one or more authentications;
- one or more stored rules that specify that said second software object is not to engage in outbound communication over said network, and that further specify that said first software object is not to engage in communication over said network, wherein said one or more stored rules govern behavior of said first software object and of said second software object.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of configuring a first software object based on instructions received remotely from an entity, the method being performed by a second software object, the method comprising:
- receiving, from the entity through a network, data comprising one or more instructions to configure the first software object;
- acting in accordance with a first rule that specifies that said second software object is not to engage in any outbound communication over said network;
- determining that the entity satisfies at least one identity criterion;
- determining that the data satisfy at least one validity criterion;
- impersonating the entity;
- configuring said the first software object in accordance with said one or more instructions.
Dependent claims: 9, 10, 11, 12, 13, 14

15. One or more computer-readable storage media having stored thereon:
- first executable instructions that implement a first software object, said first software object exposing a first interface that enables configuration parameters of said first software object to be set;
- second executable instructions that implement a second software object, said second software object exposing a second interface that is isomorphic to said first interface, said second software object receiving one or more configuration instructions from an entity through a network and using said first interface to set said configuration parameters of said first software object based on said one or more configuration instructions, said second executable instructions behaving in accordance with at least one rule governing communication over said network.
Dependent claims: 16, 17, 18, 19, 20
Specification