views:

28

answers:

1

Let's consider I have a service in my user session that listens on some TCP port.

Is there a way, on Windows, to only authorize processes from the same session to connect, and to deny connections from the "outside"? ("outside" means another computer, or another user session on the same host).

I will also accept any alternative to TCP that allows only two processes within the same session to communicate.

This has to work for Windows Vista, Seven and Server 2008.

Many thanks.

A: 

You can bind your listening socket on localhost (127.0.0.1), which limits connections to local ones only.

If you then want to limit it further to the originating session, you should build some form of authentication into the protocol running over the TCP connection. For example: the client must send the session name of its own session before the server is going to communicate further.

Otherside
Actually, if someone messes with the routing table, an external host can, under some circumstances, access `127.0.0.1`. Anyway, I'd like to avoid building my own authentication scheme if the system can provide an alternative.
ereOn
Can a user with limited privileges mess with the routing table, or do you need administrator privileges? If you need administrator privileges to mess with the routing table, the (possibly) built-in "local" authentication could also be circumvented by messing with the TCP/IP stack or replacing system files.
Otherside
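An added example, not code from the question or the answer: instead of trusting a session name sent by the client (which any local process could fake), the server binds to 127.0.0.1 and, after accept(), asks the TCP table (GetExtendedTcpTable with TCP_TABLE_OWNER_PID_ALL) which PID owns the peer's loopback socket, then compares that process's session to its own via ProcessIdToSessionId. Only the two Windows calls are platform specific; the table parsing and the decision are plain Python, and SAMPLE_TABLE is a constructed two-row table for exercising the parser anywhere.

```python
import ctypes
import os
import socket
import struct

AF_INET = 2
TCP_TABLE_OWNER_PID_ALL = 5   # TCP_TABLE_CLASS value from iphlpapi.h
MIB_TCP_STATE_ESTAB = 5
ROW = struct.Struct("<6L")    # MIB_TCPROW_OWNER_PID: state, laddr, lport, raddr, rport, owning pid

def parse_table(raw):
    """Decode a MIB_TCPTABLE_OWNER_PID buffer into (state, local_ip, local_port, pid) tuples.
    Windows keeps address and port in network byte order (the port in the low 16 bits
    of a DWORD), so both are byte-swapped here before anything is compared."""
    (count,) = struct.unpack_from("<L", raw, 0)
    rows = []
    for i in range(count):
        state, laddr, lport, _raddr, _rport, pid = ROW.unpack_from(raw, 4 + i * ROW.size)
        ip = socket.inet_ntoa(struct.pack("<L", laddr))
        port = ((lport & 0xFF) << 8) | ((lport >> 8) & 0xFF)
        rows.append((state, ip, port, pid))
    return rows

def tcp_rows():
    """Windows only: snapshot the IPv4 TCP table with owning PIDs (no admin rights needed)."""
    iphlp = ctypes.windll.iphlpapi
    size = ctypes.c_ulong(0)
    iphlp.GetExtendedTcpTable(None, ctypes.byref(size), False, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)
    buf = ctypes.create_string_buffer(size.value)
    if iphlp.GetExtendedTcpTable(buf, ctypes.byref(size), False, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0):
        raise ctypes.WinError()
    return parse_table(buf.raw[:size.value])

def session_of(pid):
    """Windows only: session id of a process (ProcessIdToSessionId)."""
    sid = ctypes.c_ulong()
    if not ctypes.windll.kernel32.ProcessIdToSessionId(pid, ctypes.byref(sid)):
        raise ctypes.WinError()
    return sid.value

def client_in_my_session(rows, peer_port, session_fn=session_of, my_pid=None):
    """True only if the established loopback socket on peer_port belongs to a process in
    our session. The client's socket is the *local* endpoint of its own row; no such row
    (client already gone) is treated as a rejection."""
    my_sid = session_fn(os.getpid() if my_pid is None else my_pid)
    for state, ip, port, pid in rows:
        if state == MIB_TCP_STATE_ESTAB and ip == "127.0.0.1" and port == peer_port:
            return session_fn(pid) == my_sid
    return False

def accept_same_session_only(listener):
    """Accept one connection on a 127.0.0.1 listener; close it unless the peer shares our session."""
    conn, (_ip, peer_port) = listener.accept()
    if not client_in_my_session(tcp_rows(), peer_port):
        conn.close()   # the foreign session never sees a byte of the protocol
        return None
    return conn

# Constructed sample: an established loopback client on port 5000 (pid 4321) and a listener on port 80 (pid 4).
SAMPLE_TABLE = struct.pack("<L", 2) + ROW.pack(5, 0x0100007F, 0x8813, 0x0100007F, 0x0F2C, 4321) + ROW.pack(2, 0, 0x5000, 0, 0, 4)
```

The table lookup is a snapshot taken after accept(), so a client that exits before the check is simply refused; as the comment thread notes, a caller with administrator rights who tampers with the TCP/IP stack is outside what any such check can defend against.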