Re: Managed to Unmanaged security.
From: Chris Blanco (cblancoNOSPAM@necam.com)
Date: 03/25/03
- Next message: RayS: "Access denied to network share using Windows Authentication"
- Previous message: faraz ahmed: ".Net Roles Authorization"
- In reply to: John Saunders: "Re: Managed to Unmanaged security."
- Next in thread: John Saunders: "Re: Managed to Unmanaged security."
- Reply: John Saunders: "Re: Managed to Unmanaged security."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris Blanco" <cblancoNOSPAM@necam.com> Date: Tue, 25 Mar 2003 08:34:29 -0500
Duh, that's what I figured out shortly after I posted the last message. This
is a simple fix, it will be behind a firewall. Sometimes you get so wrapped
up in developing secure measures you forget about network security, Can't
see the Forest for the trees! Never mind!! :) Thanks again John, you are
always a great help.
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:ui61Y1k8CHA.1600@TK2MSFTNGP10.phx.gbl...
> Your TCP/IP transport code doesn't reject connections from other machines?
> And aren't you behind a firewall?
>
> --
> John Saunders
> Internet Engineer
> john.saunders@surfcontrol.com
>
>
> "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
> news:u85ovRk8CHA.2452@TK2MSFTNGP10.phx.gbl...
> > No its definitely on the same machine...the web server...but someone can
> > easily connect to our TCP/IP transport and stream an XML message to it
> from
> > a remote machine. The TCP/IP transport was used in a Client/Server type
> app,
> > but we are using it to communicate to our legacy services. There is no
> > Authentication done on the transport service.
> > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> > news:O5#HGPk8CHA.2368@TK2MSFTNGP10.phx.gbl...
> > > This isn't necessarily a security hole if the TCP/IP follows secure
> paths.
> > > For instance, if it's within a machine, or within your Corporate LAN.
> > >
> > > So, I presume you're saying you send the TCP/IP out on the Internet?
> > >
> > > --
> > > John Saunders
> > > Internet Engineer
> > > john.saunders@surfcontrol.com
> > >
> > >
> > > "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
> > > news:Oro5iFk8CHA.2376@TK2MSFTNGP10.phx.gbl...
> > > > Currently I am building a custom principle for an ASP.NET solution.
I
> > have
> > > > some legacy services that I am using. Currently my managed code
talks
> to
> > > my
> > > > unmanaged code through XML over a proprietary TCP/IP transport. This
> is
> > a
> > > > security hole as the XML is streamed across the TCP/IP channel
> > > unencrypted.
> > > > What is the recommended way of protecting that XML data? If its is
> > indeed
> > > > encryption what methods are available that both Unmanaged and
managed
> > code
> > > > could use?
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: RayS: "Access denied to network share using Windows Authentication"
- Previous message: faraz ahmed: ".Net Roles Authorization"
- In reply to: John Saunders: "Re: Managed to Unmanaged security."
- Next in thread: John Saunders: "Re: Managed to Unmanaged security."
- Reply: John Saunders: "Re: Managed to Unmanaged security."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
