firewall api from limited user
- From: "RossettoeCioccolato" <gmgarner@xxxxxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 00:03:49 -0500
Since XP SP2 an application that wishes to listen for incoming connections
must be authorized with the Windows firewall. The firewall api requires
administrative credentials. However, it is poor security design to have an
application that listens for incoming connections from within the
administrative context. A better design would have the listening
application run in a limited user context but become admin solely for the
purpose of managing the firewall. What is the best way to "impersonate" an
administrator for this purpose? CoSetProxyBlanket would seem to do the job
except that the documentation for this function pAuthInfo member is not used
for calls on the same machine. Do I have to create a thread, call LogonUser
to become admin in that thread and then call CoSetProxyBlanket from the
thread?
Regards,
George.
.
- Follow-Ups:
- RE: firewall api from limited user
- From: "Yuan Ren[MSFT]"
- RE: firewall api from limited user
- Prev by Date: Re: What may cause a send exception?
- Next by Date: RE: firewall api from limited user
- Previous by thread: Transmission problems on 64 bit AMD processors but not 32 bit AMD processors
- Next by thread: RE: firewall api from limited user
- Index(es):
Relevant Pages
|
