Re: Remoting Security



Hello kivancturkees,

> My first question is: what kind of security should I implement to
> prevent this?

To prevent somebody from eavesdropping on your connection, you need to encrypt the data going through the line.

> Also, can someone who doesn't have my DLL but knows the class name,
> method name and parameter list call my remote method? If it is possible,
> how can I prevent it?

To make sure that nobody can misuse your service, you must make sure that a client is somebody you know/trust (authentication) and then establish whether he's actually allowed to do what he's trying to do (authorization). Not all of this will usually be covered on the same level of your communication channels, but it should give you an idea what you might want to do.

Technically, .NET 2 introduced a few new features for Remoting that allow you to do traffic encryption and also authentication to a degree. There's a lot of information about this out there, Dominick has a nice summary:

http://www.leastprivilege.com/SecureRemotingConfigurationSettings.aspx

Before these options were introduced, your only chance was to take advantage of the extensibility features in Remoting and implement custom sinks to provide that kind of functionality. As an example for this, look at this MSDN Magazine article:

http://msdn.microsoft.com/msdnmag/issues/03/06/NETRemoting/

If you'd like to go that way, be aware that there are good implementations of many such features out there already. I haven't seen any updates in a while, but I used to be a satisfied user of GenuineChannels (and they sell the source as well):

http://www.genuinechannels.com/

Finally, while it doesn't provide all the functionality of .NET Remoting, WCF (Windows Communication Foundation) is certainly strong on the "security out of the box" front. You'll need .NET 3 to use it, as well as a slightly adapted frame of mind, from the Remoting programmer's point of view :-)


Oliver Sturm
--
http://www.sturmnet.org/blog
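
The .NET 2 channel options mentioned in the reply above, as an added example that is not part of the original post: a server-side TCP channel with encryption and Windows authentication switched on, plus a connection-level authorization callback. The service class, port, URI and group name are hypothetical placeholders.

```csharp
using System;
using System.Collections;
using System.Net;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;

// Hypothetical remote service, for illustration only.
public class OrderService : MarshalByRefObject
{
    public string Ping() { return "pong"; }
}

// The channel consults this object for every incoming connection.
public class GroupAuthorizer : IAuthorizeRemotingConnection
{
    // Placeholder group name (assumption); use a group that exists in your domain.
    private const string AllowedGroup = @"EXAMPLE\RemotingClients";

    public bool IsConnectingEndPointAuthorized(EndPoint endPoint)
    {
        return true; // no address-based filtering in this example
    }

    public bool IsConnectingIdentityAuthorized(IIdentity identity)
    {
        // Authentication: require a real, non-anonymous Windows identity.
        WindowsIdentity wi = identity as WindowsIdentity;
        if (wi == null || !wi.IsAuthenticated || wi.IsAnonymous) return false;
        // Authorization: only members of the allowed group may connect.
        return new WindowsPrincipal(wi).IsInRole(AllowedGroup);
    }
}

public static class Host
{
    public static void Main()
    {
        IDictionary props = new Hashtable();
        props["port"] = 9000;                        // hypothetical port
        props["secure"] = true;                      // authenticate the connection
        props["protectionLevel"] = "EncryptAndSign"; // encrypt and integrity-protect traffic
        TcpServerChannel channel = new TcpServerChannel(props, null, new GroupAuthorizer());
        ChannelServices.RegisterChannel(channel, true); // ensureSecurity = true
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(OrderService), "OrderService.rem", WellKnownObjectMode.SingleCall);
        Console.ReadLine(); // keep the host process alive
    }
}
```

The client has to register its TCP channel with `secure` set to true as well, otherwise the connection is rejected. Knowing the class name, method name and parameter list is then no longer enough to call the service: the caller also has to authenticate as a member of the allowed group.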