WCF命名管道安全性和多用户会话? [英] WCF Named Pipe Security and Multiple User Sessions?
问题描述
我有设置一个WPF应用程序是使用互斥单个实例,它允许应用程序,如果你使用的是用户切换每个用户帐户中运行。该应用程序建立一个WCF命名管道,这样我可以从其他进程进行通信的单一实例(即当第二个进程运行时,它终止之前由于互斥)。
I have setup a WPF application that is single instance using a Mutex, this allows for the application to run within each user account if you are using user switching. The application sets up a WCF named pipe so that I can communicate to the single instance from another process (i.e. when the second process runs before it terminates due to the Mutex).
我想知道如果有什么应该做的(最佳做法),以确保命名管道?
I would like to know if anything should be done (best practices) to secure the named pipe?
此外,我想知道,如果命名管道的消息将达到系统内,或仅在当前用户会话中的所有正在运行的进程。如果命名管道传送系统范围内的话,这将是制约通信到当前用户会话的最佳implmentation?
Also I would like to know if the named pipe messages would reach all running processes within the system or only within current user session. If the named pipe is sent system wide then what would be the best implmentation to restrict the communication to the current users session?
推荐答案
在WCF命名管道不从网络访问,并没有要求进行加密来保护他们。但是,WCF服务不反对提到的攻击安全的 romkyns
Named pipes in WCF are not accessible from the network and no encryption is required to secure them. However, WCF services are not secure against the attack mentioned by romkyns.
我建议你阅读这篇文章:
I suggest you read this posts:
<一个href="http://blogs.charteris.com/blogs/chrisdi/archive/2008/05/19/exploring-the-wcf-named-pipe-binding-part-1.aspx">http://blogs.charteris.com/blogs/chrisdi/archive/2008/05/19/exploring-the-wcf-named-pipe-binding-part-1.aspx
<一个href="http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/16/exploring-the-wcf-named-pipe-binding-part-2.aspx">http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/16/exploring-the-wcf-named-pipe-binding-part-2.aspx
<一个href="http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf-named-pipe-binding-part-3.aspx">http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf-named-pipe-binding-part-3.aspx
<一个href="http://blogs.charteris.com/blogs/chrisdi/archive/2009/12/04/exploring-the-wcf-named-pipe-binding-part-4.aspx">http://blogs.charteris.com/blogs/chrisdi/archive/2009/12/04/exploring-the-wcf-named-pipe-binding-part-4.aspx
有关所涉及的安全问题。
about the security problems involved.
在短WCF允许任何程序伪装自己作为服务:
In short WCF allows ANY process to masquerade itself as the service and:
- 无论是模拟的服务或
- 窃听和篡改数据的假设恶意程序本身连接到服务。然而,如果服务使用访问安全检查主叫用户的身份,这可能是不可能的。
这篇关于WCF命名管道安全性和多用户会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
