All geek questions in one place

How to communicate securely with my own windows service

I have a .NET application and a .NET Windows Service . How can I establish a secure communication channel between the two?

Most people on the Internet recommend communicating with Windows services using Named Pipes . But it looks like it could create a big hole in the system. If any dude turns engineers to my application, he will know the name of the pipe and the protocol that I use, and this allows him to connect to my service and do whatever he wants.

Example: My client installs my application and gives it full privileges to install the service. He then downloads other software, and does not provide full privileges. But this software finds my service and uses it using the channel name and reverse engineering protocol.

So how to create a secure communication channel? Can the service somehow access the program that is just connected to its pipe (so that I can compare its hash if the service was installed in a safe place)? Or maybe use a different IPC ? How does Microsoft protect its services from this security hole?

+4
source share
2 answers

You just need to configure a security descriptor for your named pipe so that only your client code can access it.

Details here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365600%28v=vs.85%29.aspx

+7
source

I would look at an encryption protocol, for example. RSA encryption algorithm. It doesn’t matter which transmission protocol you use (pipes, TCP / IP, messages, etc.). Any of them can be "read" in some way. In your case, I would use some network protocol (TCP / IP, UDP) for a free scaling function in the future. Thus, the client and server sides can be on different PC / platform. But a lot depends on the requirements. Why do you really need to protect these things, what data should be protected (maybe there are easier ways to get them for others), the amount of data, others?

0
source

Source: https://habr.com/ru/post/1395018/

More articles:


All Articles