[Mono-dev] The best way to secure remoting?
Robert Jordan
robertj at gmx.net
Tue Dec 4 10:01:17 EST 2007
pablosantosluac wrote:
> Thanks for your answer Robert.
>
> The problem is that I can't host my objects on XSP (plasticd is actually a
> service or a daemon, but not a hosted XSP) neither use SOAP
> (performance!)...
I see. You could make a copy of TcpChannel and change it to
encrypt the data. Since TcpChannel already has a connection
pool, it should be already well prepared for SSL.
Two days of work, I'd guess.
Unfortunately, the remoting infrastructure is not flexible enough
to allow other solutions. One could be deluded to implement
encryption as a channel sink, but this is really suboptimal
because you don't have sessions at this layer.
W/out sessions, SSL (and any other symmetric encryption that needs
an asymmetric key exchange phase) will be extremely slow.
Robert
>
>
> pablo
>
>
> ----- Original Message -----
> From: "Robert Jordan" <robertj at gmx.net>
> To: <mono-devel-list at lists.ximian.com>
> Sent: Monday, December 03, 2007 10:35 PM
> Subject: Re: [Mono-dev] The best way to secure remoting?
>
>
>> pablosantosluac wrote:
>>> Hi there,
>>>
>>> AFAIK with .net 2.0 SSL is an standard channel, isn't it?
>> No, in MS.NET 2.0 it is based on NegotiateStream that uses
>> whichever authentication and encryption Windows SSPI dictates.
>> See MSDN.
>>
>>> But my question is: if I want to keep the mono-1.0 profile... what's the
>>> best way to secure remoting communication?
>> Host your remoting objects in XSP and use HttpChannel + SOAP formatter
>> over SSL.
>>
>> Robert
>>
>> _______________________________________________
>> Mono-devel-list mailing list
>> Mono-devel-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list