Re: Managed to Unmanaged security.

From: Chris Blanco (cblancoNOSPAM@necam.com)
Date: 03/24/03

Next message: Mary Chipman: "Re: User Login via SQL Server...(ASP Pages)..."
Previous message: John Saunders: "Re: Managed to Unmanaged security."
In reply to: John Saunders: "Re: Managed to Unmanaged security."
Next in thread: John Saunders: "Re: Managed to Unmanaged security."
Reply: John Saunders: "Re: Managed to Unmanaged security."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Chris Blanco" <cblancoNOSPAM@necam.com>
Date: Mon, 24 Mar 2003 15:32:03 -0500

No its definitely on the same machine...the web server...but someone can
easily connect to our TCP/IP transport and stream an XML message to it from
a remote machine. The TCP/IP transport was used in a Client/Server type app,
but we are using it to communicate to our legacy services. There is no
Authentication done on the transport service.
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:O5#HGPk8CHA.2368@TK2MSFTNGP10.phx.gbl...
> This isn't necessarily a security hole if the TCP/IP follows secure paths.
> For instance, if it's within a machine, or within your Corporate LAN.
>
> So, I presume you're saying you send the TCP/IP out on the Internet?
>
> --
> John Saunders
> Internet Engineer
> john.saunders@surfcontrol.com
>
>
> "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
> news:Oro5iFk8CHA.2376@TK2MSFTNGP10.phx.gbl...
> > Currently I am building a custom principle for an ASP.NET solution. I
have
> > some legacy services that I am using. Currently my managed code talks to
> my
> > unmanaged code through XML over a proprietary TCP/IP transport. This is
a
> > security hole as the XML is streamed across the TCP/IP channel
> unencrypted.
> > What is the recommended way of protecting that XML data? If its is
indeed
> > encryption what methods are available that both Unmanaged and managed
code
> > could use?
> >
> >
>
>

Next message: Mary Chipman: "Re: User Login via SQL Server...(ASP Pages)..."
Previous message: John Saunders: "Re: Managed to Unmanaged security."
In reply to: John Saunders: "Re: Managed to Unmanaged security."
Next in thread: John Saunders: "Re: Managed to Unmanaged security."
Reply: John Saunders: "Re: Managed to Unmanaged security."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Managed to Unmanaged security.
... >> Your TCP/IP transport code doesn't reject connections from other ... >>> easily connect to our TCP/IP transport and stream an XML message to it ... >>> a remote machine. ... >>> but we are using it to communicate to our legacy services. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Managed to Unmanaged security.
... Your TCP/IP transport code doesn't reject connections from other machines? ... > but we are using it to communicate to our legacy services. ... >>> unmanaged code through XML over a proprietary TCP/IP transport. ...
(microsoft.public.dotnet.framework.aspnet.security)