Using C#, and given that the user enters a UNC path, is there a way to verify that 2 months down the line, when I'm writing a file to the UNC path, it is the same machine as when he entered it?

i.e. I'm writing some sensitive information to the path, and want to stop someone from putting another machine on the network with the same name / share etc and grabbing the output. Or if the software is running on a laptop and the user plugs it into another network, and there just happens to be a machine with the same name / share...

Any ideas, other than using the IP address (and verifying that it's the same)? I don't necessarily have any rights on the remote machine other than write access to the UNC share.

Yes, I'm probably being paranoid, but would like to know if anything is possible...

+2  A: 

If you don't have access to the box and you don't want to use IP then the only other thing I can think of is to leave a hidden file on the share when the user enters the UNC and verify existence and content (perhaps a GUID) when you revisit.

Lazarus
IP is no guarantee -- if something so nefarious is going down, the "imposter" computer could almost certainly set a static IP to match that of the original machine, no?
Jay
@Jay, absolutely but given the poor state of security (if indeed it could be called that here) it's better than nothing. There is also the inference that this UNC location is likely to be fairly open as there's no authentication to the box in question so it's all pretty moot. Just trying to make the best of a bad situation ;)
Lazarus
Yea, not ideal, I agree, good idea though.
Gareth
+2  A: 

If the machines are on the same subnet, you might be able to use ARP to retrieve the MAC address of the machine. That is a little harder to spoof. When they enter the UNC path, retrieve the MAC address. Then later before writing the file, do the same resolution and verify that the MAC address is the same.

Mark Wilkins
Nice 'out-of-the-box' thinking +1
Lazarus
A: 

If you are concerned about security for such scenarios, for me the only possible way to go is data encryption. With a public key infrastructure you can make sure that only the person you want to receive the data will actually be able to decrypt the data and you can also make sure that the receiver knows that you and only you have written the data.

There is much information about data encryption on the internet, so I'm not going into details here, but be sure you look for keywords like "public key infrastructure, rsa, aes, hybrid cryptosystem, digital signature".

Best Regards,
Oliver Hanappi

Oliver Hanappi
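
The hybrid scheme named in the answer above (AES for the data, RSA to wrap the AES key, plus a digital signature), as an added example that is not part of the original answer. It assumes .NET 8 or later; the class name `SealedUncWriter`, the envelope layout and the in-process key pairs are constructed for illustration, and in practice the writer holds only the recipient's public key and its own private key.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class SealedUncWriter // hypothetical name, added example
{
    // Envelope: length-prefixed wrapped key, nonce, tag, ciphertext, then a signature over all four.
    public static byte[] Seal(byte[] plaintext, RSA recipientPublic, RSA senderPrivate)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // one-time AES-256 key
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // fresh per message
        byte[] cipher = new byte[plaintext.Length], tag = new byte[16];
        using (var aes = new AesGcm(key, tag.Length)) aes.Encrypt(nonce, plaintext, cipher, tag);
        byte[] wrapped = recipientPublic.Encrypt(key, RSAEncryptionPadding.OaepSHA256);

        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        foreach (var part in new[] { wrapped, nonce, tag, cipher }) { w.Write(part.Length); w.Write(part); }
        w.Flush();
        byte[] sig = senderPrivate.SignData(ms.ToArray(), HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        w.Write(sig.Length); w.Write(sig); w.Flush();
        return ms.ToArray();
    }

    // Verifies the sender's signature first, then unwraps the key and decrypts.
    public static byte[] Open(byte[] envelope, RSA recipientPrivate, RSA senderPublic)
    {
        using var r = new BinaryReader(new MemoryStream(envelope));
        byte[] Next() => r.ReadBytes(r.ReadInt32());
        byte[] wrapped = Next(), nonce = Next(), tag = Next(), cipher = Next();
        int bodyLen = (int)r.BaseStream.Position;          // signed region ends here
        byte[] sig = Next();
        if (!senderPublic.VerifyData(envelope, 0, bodyLen, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("Signature check failed: not written by the expected sender.");
        byte[] key = recipientPrivate.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
        byte[] plain = new byte[cipher.Length];
        using (var aes = new AesGcm(key, tag.Length)) aes.Decrypt(nonce, cipher, tag, plain);
        return plain;
    }

    static void Main()
    {
        using RSA sender = RSA.Create(3072);    // constructed demo keys; real keys come from
        using RSA recipient = RSA.Create(3072); // a certificate store or key file
        byte[] envelope = Seal(Encoding.UTF8.GetBytes("constructed sample report"), recipient, sender);
        Console.WriteLine(Encoding.UTF8.GetString(Open(envelope, recipient, sender)));
    }
}
```

The bytes returned by `Seal` are what would be written to the UNC path: a machine that impersonates the share receives only ciphertext it cannot decrypt without the recipient's private key.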