Open zalintyre opened 6 years ago
Are you wanting to add message validation or full encryption? Is the goal to ensure that the client of the named pipe is authorized to make the calls?
I'd like to see full encryption of the pipe, in a way that noone other than client and wrapper have access to the pipe contents. Maybe TLS encryption could do the trick.
Authorization is not key here - the called DLL resides on the same system - so windows should handle this.
The Problem
The current implementation uses a named pipe to enable communication between wrapper and client. This is insecure, because a named pipe can be read by anyone who knows its name.
The (possible) solution
Either there is a way to encrypt traffic going over the pipe (e.g. TLS), or we switch to another (secure) IPC technology.