Re: Ensuring single user only
- From: "Ben Voigt [C++ MVP]" <rbv@xxxxxxxxxxxxx>
- Date: Wed, 3 Sep 2008 14:49:36 -0500
fltcpt@xxxxxxxxx wrote:
> My application prompts for a user name and password,
> logs on to a remote database and binds to a local
> port. Client processes (I have no control of) connect to that
> port to get services.

Use a mailslot, named pipe, etc., and set the ACL when you create it. You
can't set security on TCP or UDP ports (at least in Windows), and trying to
hook into process launch is not a solution. About the best you can do for
TCP/IP is: listen only on a localhost address (hence only permit connections
from the local machine), get the peer port number, find the process owning
the other end of the connection, and drop connections initiated by other
users.

> My problem is, I want to provide service only to the user
> who provided the username and password. For example,
> on server edition of Windows, user A starts my application,
> then user B logs on to Windows on the same PC and connects
> to my application... user B (an unauthorized database user)
> all of a sudden has access to the db. Another similar
> case is when user B runs things like psexec
> (from sysinternals.com) to remotely initiate a process
> that connects to my application...
>
> Currently, my application does not authenticate the client
> process using passwords because the clients (which I
> have no control of) don't provide passwords.
>
> The solution I came up with is that my application will
> only provide service when only 1 user is logged on.
>
> My question is, how do I determine that? How do I register
> a callback for when user B runs psexec to run something
> on the same PC? Also, how does it know users like
> System and Local Service don't count??
>
> Thanks.
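
The loopback check described in the reply (listen on localhost, look up the process that owns the peer port, drop connections started by other users), as an added example that is not part of the original message. It assumes the third-party psutil package for the connection table and process owner; `Row`, `peer_owner`, `allowed`, `serve`, the port numbers and the sample data are hypothetical names and constructed values.

```python
import socket
from collections import namedtuple

Row = namedtuple("Row", "laddr raddr pid")  # fields psutil.net_connections() rows expose

def peer_owner(peer, local, rows, user_of_pid):
    """User owning the client end of an accepted loopback connection, else None."""
    for r in rows:
        # The client's socket is the mirror image of ours: its local address is
        # our peer address and its remote address is our listening address.
        if r.raddr and tuple(r.laddr) == peer and tuple(r.raddr) == local and r.pid:
            try:
                return user_of_pid(r.pid)
            except Exception:
                return None  # process gone or access denied: owner unknown
    return None

def allowed(peer, local, rows, user_of_pid, me):
    owner = peer_owner(peer, local, rows, user_of_pid)
    return owner is not None and owner.lower() == me.lower()  # unknown owner is refused

def serve(port, handle):
    import psutil  # third-party (assumed installed); the checks above run without it
    me = psutil.Process().username()
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))  # loopback only: nothing from other machines
    srv.listen(5)
    while True:
        conn, peer = srv.accept()
        rows = psutil.net_connections(kind="tcp")
        if allowed(peer, conn.getsockname(), rows,
                   lambda pid: psutil.Process(pid).username(), me):
            handle(conn)
        else:
            conn.close()  # started by another user, or owner not determinable

# Constructed sample: listener on 127.0.0.1:5000 run by userA, three clients.
SAMPLE_ROWS = [
    Row(("127.0.0.1", 5000), (), 100),                    # our listening socket
    Row(("127.0.0.1", 5000), ("127.0.0.1", 49200), 100),  # our accepted socket
    Row(("127.0.0.1", 49200), ("127.0.0.1", 5000), 200),  # client run by userA
    Row(("127.0.0.1", 49201), ("127.0.0.1", 5000), 300),  # client run by userB
    Row(("127.0.0.1", 49202), ("127.0.0.1", 5000), 999),  # owner lookup fails
]
SAMPLE_USERS = {100: "PC\\userA", 200: "PC\\userA", 300: "PC\\userB"}
```

The lookup runs after `accept()`, so a client that exits before the table is read has no matching row and is refused rather than trusted.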