Re: [Full-disclosure] plz suggest security for DLL functions

Valdis.Kletnieksvt.edu
Date: Fri Jul 01 2005 - 15:38:39 CDT


On Fri, 01 Jul 2005 14:37:18 EDT, Tim said:
> > Give them a DLL that just tosses an RPC call to a secured server that you
> > manage.
>
> And how would your server differentiate between a "good" RPC call and a
> "bad" one?

Well - you *do* have some idea of what sort of abuse you're trying to stop, right?

If they're not allowed to call it more than X times/hour, rate limit your RPC
server. Or apply whatever other checks you want to.

At least you (hopefully) don't have to worry about the user running your
server under a debugging tool to reverse engineer it. :)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
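
The server-side check suggested in the message above ("not allowed to call it more than X times/hour"), as an added example that is not part of the original post or of any poster's code. The names `RpcRateLimiter`, `handle_rpc` and `protected_function` are hypothetical, and it assumes `client_id` is an identity the server established itself through authentication, not a value taken from the request body.

```python
import time
from collections import defaultdict, deque


class RpcRateLimiter:
    """Server-side sliding window: at most max_calls per window per client."""

    def __init__(self, max_calls, window_seconds=3600.0, clock=time.monotonic):
        self.max_calls = max_calls
        self.window = window_seconds
        self.clock = clock                # injectable so the window can be tested
        self._calls = defaultdict(deque)  # client_id -> times of accepted calls

    def allow(self, client_id):
        now = self.clock()
        calls = self._calls[client_id]
        # Drop accepted calls that have aged out of the window.
        while calls and now - calls[0] >= self.window:
            calls.popleft()
        if len(calls) >= self.max_calls:
            return False                  # rejected calls are not recorded
        calls.append(now)
        return True


def handle_rpc(limiter, client_id, func, *args):
    """Hypothetical dispatcher: the check runs before the protected code does."""
    # Assumption: client_id comes from server-side authentication.
    if not limiter.allow(client_id):
        return ("error", "rate limit exceeded")
    return ("ok", func(*args))


def protected_function(x):
    # Constructed stand-in for the logic that would otherwise ship in the DLL.
    return x * 2


def demo():
    fake_now = [0.0]
    limiter = RpcRateLimiter(3, 3600.0, clock=lambda: fake_now[0])
    statuses = []
    for t in (0, 10, 20, 30, 3600, 3609, 3610):  # constructed call times (seconds)
        fake_now[0] = float(t)
        statuses.append(handle_rpc(limiter, "client-a", protected_function, 21)[0])
    # A second client has its own budget.
    statuses.append(handle_rpc(limiter, "client-b", protected_function, 21)[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

Because the counter lives in the server process, a client that patches or bypasses the local DLL stub still hits the same limit.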