Re: .NET Remoting Security
From: roz (roz_at_lenel.com)
Date: 02/10/05
- Next message: Shawn Farkas [MS]: "Re: CAS & GAC: connection?"
- Previous message: Guillermo Proano [MS]: "RE: system.security.permissions.securitypermission"
- In reply to: Nicole Calinoiu: "Re: .NET Remoting Security"
- Next in thread: Nicole Calinoiu: "Re: .NET Remoting Security"
- Reply: Nicole Calinoiu: "Re: .NET Remoting Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Feb 2005 14:52:59 -0800
Then I imagine that the same goes for the IP address of the client
which the .NET Remoting framework automatically puts into the
ITransportHeaders (with the "__IPAddress" key)?
The assembly name of the client is automatically set by the .NET
Remoting framework in the IMessage Properties ("__TypeName" key).
Since these are both automatically set by the Remoting framework, I had
been wondering if there was some mechanism used by the framework to
ensure that they could not be spoofed. I figured that it was probably
possible to spoof them (and the old adage to never trust anything from
client still holds true), but had not been able to find anything
letting me know for sure.
So, just to make sure I've got it: neither of these should be trusted,
correct?
Thanks,
Bob Rozwod
- Next message: Shawn Farkas [MS]: "Re: CAS & GAC: connection?"
- Previous message: Guillermo Proano [MS]: "RE: system.security.permissions.securitypermission"
- In reply to: Nicole Calinoiu: "Re: .NET Remoting Security"
- Next in thread: Nicole Calinoiu: "Re: .NET Remoting Security"
- Reply: Nicole Calinoiu: "Re: .NET Remoting Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
