tags:

views:

92

answers:

3
+1  Q: 

Identify machine (relatively) uniquely using unc path

Using C#, and given that the user enters in a unc path. Is there a way to verify that 2 months down the line, when I'm writing a file to the unc path, that it is the same machine as when he entered it?

i.e. I'm writing some sensitive information to the path, and want to stop someone from putting another machine on the network with the same name / share etc and grabbing the output. Or if the software is running on a laptop and the user plugs it into another network, and there just happens to be a machine with the same name / share...

Any ideas, other than using the IP address (and verifying that its the same?). I don't necessarily have any rights on the remote machine other than write access to the unc share.

Yes, I'm probably being paranoid, but would like to know if anything is possible...

+2  A: 

If you don't have access to the box and you don't want to use IP then the only other thing I can think of is to leave a hidden file on the share when the user enters the UNC and verify existence and content (perhaps a guid) when you revisit.

Lazarus  2010-04-22 12:16:17
IP is no guarantee -- if something so nefarious is going down, the "imposter" computer could almost certainly set a static IP to match that of the original machine, no?
Jay  2010-04-22 12:21:58
@Jay, absolutely but given the poor state of security (if indeed it could be called that here) it's better than nothing. There is also the inference that this UNC location is likely to be fairly open as there's no authentication to the box in question so it's all pretty moot. Just trying to make the best of a bad situation ;)
Lazarus  2010-04-22 12:24:50
Yea, not ideal, I agree, good idea though.
Gareth  2010-04-22 12:31:34
+2  A: 

If the machines are on the same subnet, you might be able to use ARP to retrieve the MAC address of the machine. That is a little harder to spoof. When they enter the UNC path, retrieve the MAC address. Then later before writing the file, do the same resolution and verify that the MAC address is the same.

Mark Wilkins  2010-04-22 12:23:58
Nice 'out-of-the-box' thinking +1
Lazarus  2010-04-22 13:43:10
A: 

If you are concerned about security for such scenarios, for me the only possible way to go is data encryption. With a public key infrastructure you can make sure that only the person you want to receive the data will actually be able to decrypt the data and you can also make sure that the receiver knows that you and only you have written the data.

There is much information about data encryption on the internet, so I'm not going into details here, but be sure you look for keywords like "public key infrastructure, rsa, aes, hybrid cryptosystem, digital signature".

Best Regards,
Oliver Hanappi

Oliver Hanappi  2010-04-22 12:59:01

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?