Re: Managed to Unmanaged security.
From: John Saunders (email@example.com)
From: "John Saunders" <firstname.lastname@example.org> Date: Mon, 24 Mar 2003 16:36:53 -0500
Your TCP/IP transport code doesn't reject connections from other machines?
And aren't you behind a firewall?
-- John Saunders Internet Engineer email@example.com "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message news:u85ovRk8CHA.2452@TK2MSFTNGP10.phx.gbl... > No its definitely on the same machine...the web server...but someone can > easily connect to our TCP/IP transport and stream an XML message to it from > a remote machine. The TCP/IP transport was used in a Client/Server type app, > but we are using it to communicate to our legacy services. There is no > Authentication done on the transport service. > "John Saunders" <firstname.lastname@example.org> wrote in message > news:O5#HGPk8CHA.2368@TK2MSFTNGP10.phx.gbl... > > This isn't necessarily a security hole if the TCP/IP follows secure paths. > > For instance, if it's within a machine, or within your Corporate LAN. > > > > So, I presume you're saying you send the TCP/IP out on the Internet? > > > > -- > > John Saunders > > Internet Engineer > > email@example.com > > > > > > "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message > > news:Oro5iFk8CHA.2376@TK2MSFTNGP10.phx.gbl... > > > Currently I am building a custom principle for an ASP.NET solution. I > have > > > some legacy services that I am using. Currently my managed code talks to > > my > > > unmanaged code through XML over a proprietary TCP/IP transport. This is > a > > > security hole as the XML is streamed across the TCP/IP channel > > unencrypted. > > > What is the recommended way of protecting that XML data? If its is > indeed > > > encryption what methods are available that both Unmanaged and managed > code > > > could use? > > > > > > > > > > > >