tags:

views:

294

answers:

1
+3  Q: 

Security risk of enabling MSDTC

MSDTC is disabled by default (windows 2003 - onwards) and I want to have it enabled for an application I'm developing that requires distributed transactions from .Net C#.

I don't believe there are any security issues with enabling it, but does SO know of any security issues with enabling the DTC?

Cheers

Ollie

+1  A: 

As long as the machine is fully patched you should be reasonably safe. AFAIK there may have been some patches in the past for vulnerabilities related to this (but then there is for all components in the OS).

If it is listening on an external port then you may want to lock down the hosts which can connect to it. This would give you a level of protection if some sort of worm on compromise is discovered the in future. It is generally not the sort of thing you want to expose on internet-facing machines.

BrianLy  2009-09-01 19:18:54
AWC  2009-09-01 20:23:19
Those are the places where you typically see MSDTC being used. It really depends on what you are doing, security requirements, budget etc. Some people go as far as putting firewalls between the web and app tiers but that's likely overkill for the majority of people. You could use something like http://en.wikipedia.org/wiki/Network_Access_Protection to only allow machines that need MSDTC to talk to one another.
BrianLy  2009-09-01 23:17:50

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?