Re: Remoting security

From: K. Prafulla (KPrafulla_at_discussions.microsoft.com)
Date: 03/18/05


Date: Fri, 18 Mar 2005 07:11:09 -0800

Hi,

There is a nice way by which we can have encrypted communication between
client and server in .Net Remoting. You will have to use ClientSink and
ServerSink. So all communication which goes over the wire will be encrypted. I
guess this will solve your concerns.

There is a nice article with an example on the Microsoft site for this by Stephen
Toub. http://msdn.microsoft.com/msdnmag/issues/03/06/NETRemoting/

This should help you.

Kulkarni Prafulla.

"Rob Teixeira" wrote:

> There's nothing particularly special or dangerous about remoting.
> You just have to realize that remoting doesn't have built-in authentication,
> authorization, or encryption (yet). So basically, any remoting call data
> going over a wire can be sniffed. As you say though, that's no different
> than your run of the mill sockets communication (remoting is just really an
> abstraction for sending and receiving serialized data over a socket
> connection). You can encrypt the data on the line by using IPSec or some
> other transport-level encryption (though in your case, the data isn't
> leaving the computer, but this is something to consider for other programs).
> You are also responsible for making sure the client calls don't send
> malicious input to a server call that can create havoc - basically, just be
> really diligent in your input validation. You can also use firewall rules to
> keep unwanted traffic away from your server if you ever go beyond the local
> machine.
>
> If you want Windows authentication and authorization, more or less like
> what's available with DCOM/COM+, you can try following this article:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp
> Note that the entire article spans two parts, and the link is for part I.
> Just keep following the links to get to part II.
>
> -Rob Teixeira
>
>
> "dr" <dr@discussions.microsoft.com> wrote in message
> news:2A79DDE9-92A4-4D32-B6DC-0D919C82BE19@microsoft.com...
> > I want to use remoting to talk between two applications on the same PC but am
> > concerned about security.
> > What are the security implications of using Remoting locally on a computer?
> > I keep hearing about how it is insecure but is it really any more insecure
> > than any sockets for interprocess communication?
> >
>
>
>

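Added example (not part of the original posts): for the same-machine scenario in the question, one way to keep a remoting endpoint off the network and have the channel authenticate and encrypt traffic through built-in channel properties rather than custom sinks. It assumes .NET Framework 2.0 or later, where TcpServerChannel accepts the `secure` property; `LocalService`, the port and the object URI are hypothetical.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// Hypothetical service type used only for this example.
public class LocalService : MarshalByRefObject
{
    public string Echo(string text)
    {
        // Validate every argument on the server; the caller is untrusted.
        if (string.IsNullOrEmpty(text) || text.Length > 256)
            throw new ArgumentException("text must be 1-256 characters");
        return text;
    }
}

public static class Host
{
    public static void Main()
    {
        IDictionary props = new Hashtable();
        props["name"] = "localOnly";
        props["port"] = 9000;                  // constructed port number
        props["bindTo"] = "127.0.0.1";         // listen on loopback only
        props["rejectRemoteRequests"] = true;  // refuse calls from other machines
        props["secure"] = true;                // authenticate and encrypt the channel

        // Keep the deserialization filter at Low (the default) so callers
        // cannot make the server deserialize arbitrary types.
        BinaryServerFormatterSinkProvider formatter =
            new BinaryServerFormatterSinkProvider();
        formatter.TypeFilterLevel = TypeFilterLevel.Low;

        TcpServerChannel channel = new TcpServerChannel(props, formatter);
        ChannelServices.RegisterChannel(channel, true); // true = ensureSecurity

        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(LocalService), "LocalService.rem", WellKnownObjectMode.Singleton);

        Console.WriteLine("Listening on tcp://127.0.0.1:9000/LocalService.rem");
        Console.ReadLine(); // keep the host process alive
    }
}
```

The client has to register its own TCP channel with `secure` set to true as well, otherwise the server rejects the connection.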