"Rob Teixeira" wrote:

> There's nothing particularly special or dangerous about remoting.
> You just have to realize that remoting doesn't have built-in autentication,
> authorization, or encryption (yet). So basically, any remoting call data
> going over a wire can be sniffed. As you say though, that's no different
> than your run of the mill sockets communication (remoting is just really an
> abstraction for sending and receiving serialized data over a socket
> connection). You can encrypt the data on the line by using IPSec or some
> other transport-level encryption (though in your case, the data isn't
> leaving the computer, but this is something to consider for other programs).
> You are also responsible for making sure the client calls don't send
> malicious input to a server call that can create havok - basically, just be
> really diligent in your input validation. You can also use firewall rules to
> keep unwanted traffic away from your server if you ever go beyond the local
> machine.
>
> If you want windows authentication and authorization, more or less like
> what's available with DCOM/COM+, you can try following this article:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp
> Note that the entire article spans two parts, and the link is for part I.
> Just keep following the links to get to part II.
>
> -Rob Teixeira
>
>
> "dr" <d*@discussions.microsoft.com> wrote in message
> news:2A79DDE9-92A4-4D32-B6DC-0D919C82BE19@microsoft.com...
> > I want to use remoting to talk between two applications on the same PC but
> am
> > concerned about security.
> > What are the security implications of using Remoting locally on a
> computer?
> > I keep hearing about how it is insecure but is it really any more insecure
> > that any sockets for interprocess communication?
> >
>
>
>