Re: Managed to Unmanaged security.

From: John Saunders (john.saunders@surfcontrol.com)
Date: 03/24/03


From: "John Saunders" <john.saunders@surfcontrol.com>
Date: Mon, 24 Mar 2003 16:36:53 -0500


Your TCP/IP transport code doesn't reject connections from other machines?
And aren't you behind a firewall?

--
John Saunders
Internet Engineer
john.saunders@surfcontrol.com
"Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
news:u85ovRk8CHA.2452@TK2MSFTNGP10.phx.gbl...
> No its definitely on the same machine...the web server...but someone can
> easily connect to our TCP/IP transport and stream an XML message to it
from
> a remote machine. The TCP/IP transport was used in a Client/Server type
app,
> but we are using it to communicate to our legacy services. There is no
> Authentication done on the transport service.
> "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> news:O5#HGPk8CHA.2368@TK2MSFTNGP10.phx.gbl...
> > This isn't necessarily a security hole if the TCP/IP follows secure
paths.
> > For instance, if it's within a machine, or within your Corporate LAN.
> >
> > So, I presume you're saying you send the TCP/IP out on the Internet?
> >
> > --
> > John Saunders
> > Internet Engineer
> > john.saunders@surfcontrol.com
> >
> >
> > "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
> > news:Oro5iFk8CHA.2376@TK2MSFTNGP10.phx.gbl...
> > > Currently I am building a custom principle for an ASP.NET solution. I
> have
> > > some legacy services that I am using. Currently my managed code talks
to
> > my
> > > unmanaged code through XML over a proprietary TCP/IP transport. This
is
> a
> > > security hole as the XML is streamed across the TCP/IP channel
> > unencrypted.
> > > What is the recommended way of protecting that XML data? If its is
> indeed
> > > encryption what methods are available that both Unmanaged and managed
> code
> > > could use?
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: Managed to Unmanaged security.
    ... easily connect to our TCP/IP transport and stream an XML message to it from ... The TCP/IP transport was used in a Client/Server type app, ... but we are using it to communicate to our legacy services. ... Currently my managed code talks to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Managed to Unmanaged security.
    ... >> Your TCP/IP transport code doesn't reject connections from other ... >>> easily connect to our TCP/IP transport and stream an XML message to it ... >>> a remote machine. ... >>> but we are using it to communicate to our legacy services. ...
    (microsoft.public.dotnet.framework.aspnet.security)