[Mono-dev] The best way to secure remoting?

pablosantosluac pablosantosluac at terra.es
Wed Dec 5 05:31:39 EST 2007


Ok Robert, thanks!


Well, I guess I'd have to modify TcpServerChannel.cs  and 
TcpClientChannel.cs (I mean, create new ones) to use secured sockets or 
introduce some sort of encryption there... is that ok? Well, in fact I guess 
the code at TcpServerChannel is the one actually using sockets, isn't it?

About SSL, I've found the following C# SSL library: 
http://www.mentalis.org/soft/projects/seclib/. Is there a better option?

Thanks!

pablo

----- Original Message ----- 
From: "Robert Jordan" <robertj at gmx.net>
To: <mono-devel-list at lists.ximian.com>
Sent: Tuesday, December 04, 2007 4:01 PM
Subject: Re: [Mono-dev] The best way to secure remoting?


> pablosantosluac wrote:
>> Thanks for your answer Robert.
>>
>> The problem is that I can't host my objects on XSP (plasticd is actually 
>> a
>> service or a daemon, but not a hosted XSP) neither use SOAP
>> (performance!)...
>
> I see. You could make a copy of TcpChannel and change it to
> encrypt the data. Since TcpChannel already has a connection
> pool, it should be already well prepared for SSL.
> Two days of work, I'd guess.
>
> Unfortunately, the remoting infrastructure is not flexible enough
> to allow other solutions. One could be deluded to implement
> encryption as a channel sink, but this is really suboptimal
> because you don't have sessions at this layer.
> W/out sessions, SSL (and any other symmetric encryption that needs
> an asymmetric key exchange phase) will be extremely slow.
>
> Robert
>
>>
>>
>> pablo
>>
>>
>> ----- Original Message ----- 
>> From: "Robert Jordan" <robertj at gmx.net>
>> To: <mono-devel-list at lists.ximian.com>
>> Sent: Monday, December 03, 2007 10:35 PM
>> Subject: Re: [Mono-dev] The best way to secure remoting?
>>
>>
>>> pablosantosluac wrote:
>>>> Hi there,
>>>>
>>>> AFAIK with .net 2.0 SSL is an standard channel, isn't it?
>>> No, in MS.NET 2.0 it is based on NegotiateStream that uses
>>> whichever authentication and encryption Windows SSPI dictates.
>>> See MSDN.
>>>
>>>> But my question is: if I want to keep the mono-1.0 profile... what's 
>>>> the
>>>> best way to secure remoting communication?
>>> Host your remoting objects in XSP and use HttpChannel + SOAP formatter
>>> over SSL.
>>>
>>> Robert
>>>
>>> _______________________________________________
>>> Mono-devel-list mailing list
>>> Mono-devel-list at lists.ximian.com
>>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list 




More information about the Mono-devel-list mailing list