tags:

views:

150

answers:

2
Q: 

How to transfer sensitive data between processes in Windows?

I would like to transfer user name and password information from one process to another process running on the same server in Windows. What is the best approach to achieve this transfer in a secure way? One simple approach is to copy the passwords to a file and then have the other process read from a file and then delete the file once it is read. Though this is simple I am concerned if it is secure though since it is still possible for someone to gain access to this file even though it lives only for a short period of time & also has the possibility of the file being left out if the other processes errors out or crashes. IPCs like sockets and named pipes seems to be an overkill for this problem. I am more inclined towards using memory mapped files as explained in this link below which talks about sharing memory across processes. Is this the right approach? Also, is it a good idea to fill the memory with dummy data prior to freeing/erasing to prevent rouge processes from scavenging data from this memory location?

http://msdn.microsoft.com/en-us/library/aa366551(VS.85).aspx

+1  A: 

Use some IPC that (1) is not backed to disk, (2) supports ACLs.

This would seem to indicate named pipes.

Alternately DCOM and WCF both support content encryption.

Richard  2009-06-11 20:10:25
It is really scary to know that just named pipes, wcf and DCOM are the only options for such a simple task. I am still siding with memory mapping. Any thoughts on that?
msvcyc  2009-06-11 20:19:45
@msvcyc: Firstly security is never simple, secondly based on those crierta that's what I see. There are other options (e.g. SSL) but that means implementing your own access control.
Richard  2009-06-12 18:55:29
+3  A: 

RPC is your friend here (I wouldn't use named pipes to transfer secured data because they have some serious issues (because they operate in a global namespace and thus are vulnerable to squatting attacks)).

Since the data isn't being passed on the wire, encryption isn't as important as some are describing. Instead have one process implement an RPC server and have the other end bind to that server, issue the RPC call with the credentials and destroy the binding handle - that should tear down the intermediate data structures.

Don't forget to securely zero out the memory when you're done using it (otherwise it might get persisted to disk).

If you DO want to use encryption, use CryptProtectMemory which will encrypt the data in a fashion that can be used for IPC.

Larry Osterman  2009-06-12 05:25:22
Absolutely. Don't use named pipes or a memory mapped file. With either of these technologies you are likely to introduce a more severe vulnerability than the one you are trying to mitigate.
Chris Clark  2009-06-12 11:19:06
Query: How does RPC avoid the naming squatting issue?
Richard  2009-06-12 18:56:45
If you bind to a static endpoint (ncalrpc:\\myapp) you have squatting issues, but if you bind to a dynamic endpoint you don't (you need to be a bit careful but it's possible).
Larry Osterman  2009-06-13 03:30:41

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)