LegacyWrapper icon indicating copy to clipboard operation
LegacyWrapper copied to clipboard

Published 20 hours ago verified publisher icon CodefoundryDE

Enhance pipe security

Open zalintyre opened this issue 8 years ago • 2 comments

The Problem

The current implementation uses a named pipe to enable communication between wrapper and client. This is insecure, because a named pipe can be read by anyone who knows its name.

The (possible) solution

Either there is a way to encrypt traffic going over the pipe (e.g. TLS), or we switch to another (secure) IPC technology.

zalintyre avatar Sep 27 '17 21:09 zalintyre

Are you wanting to add message validation or full encryption? Is the goal to ensure that the client of the named pipe is authorized to make the calls?

Kuf avatar Sep 29 '17 12:09 Kuf

I'd like to see full encryption of the pipe, in a way that noone other than client and wrapper have access to the pipe contents. Maybe TLS encryption could do the trick.

Authorization is not key here - the called DLL resides on the same system - so windows should handle this.

zalintyre avatar Sep 29 '17 17:09 zalintyre