I planning to split my program to 2 processes: 1st is the GUI, and 2nd is a background process running with administrator account. Both should communicate each other.
我计划将我的程序分成两个过程:1是GUI, 2是后台进程运行管理员帐户。双方都应该互相沟通。
I thinking about use named pipes for this, but there is one thing that bothering me:
我在考虑使用命名管道,但有一件事困扰着我:
Is there a way to ensure only my program can access a named pipe?
是否有办法确保只有我的程序才能访问指定的管道?
2 个解决方案
#1
3
When creating named pipes, you can usually secure access to it (on both sides) with a security descriptor. However, security descriptors are for users, not for applications (and for good reason, from a security standpoint, you want to secure the user, not the application).
在创建命名管道时,通常可以使用安全描述符(双方)保护对其的访问。但是,安全描述符是针对用户的,而不是应用程序的(出于充分的理由,从安全的角度来看,您希望保护用户,而不是应用程序)。
That said, you could create a user that your client and server run under, and as long as you keep that account secure, you'd be fine (you'd secure the pipe with the security descriptor of that user).
也就是说,您可以创建您的客户端和服务器在下面运行的用户,只要您保持该帐户的安全,您就会很好(您将使用该用户的安全描述符来保护管道)。
So, if your program is the only program that is using that user identity then technically, yes, the pipe would only be usable by your program. However, you then have to manage the security of the account.
所以,如果你的程序是唯一一个使用用户标识的程序,那么技术上来说,是的,管道只能被你的程序使用。但是,您必须管理帐户的安全性。
#2
2
IF you only need to support Windows Vista or later versions, there are Windows APIs you can call to find out the ProcessId and/or SessionID of the process on the other end of a pipe once a connection has been made (e.g. GetNamedPipeClientProcessId and family). You could use these to implement an explicit check to ensure that only the applications you want to communicate via the pipe can do so.
如果您只需要支持Windows Vista或以后的版本,那么您可以调用Windows api,在建立连接后(例如GetNamedPipeClientProcessId和family),在管道的另一端找到进程的procd和/或SessionID。您可以使用它们来实现显式检查,以确保只有希望通过管道进行通信的应用程序可以这样做。
#1
3
When creating named pipes, you can usually secure access to it (on both sides) with a security descriptor. However, security descriptors are for users, not for applications (and for good reason, from a security standpoint, you want to secure the user, not the application).
在创建命名管道时,通常可以使用安全描述符(双方)保护对其的访问。但是,安全描述符是针对用户的,而不是应用程序的(出于充分的理由,从安全的角度来看,您希望保护用户,而不是应用程序)。
That said, you could create a user that your client and server run under, and as long as you keep that account secure, you'd be fine (you'd secure the pipe with the security descriptor of that user).
也就是说,您可以创建您的客户端和服务器在下面运行的用户,只要您保持该帐户的安全,您就会很好(您将使用该用户的安全描述符来保护管道)。
So, if your program is the only program that is using that user identity then technically, yes, the pipe would only be usable by your program. However, you then have to manage the security of the account.
所以,如果你的程序是唯一一个使用用户标识的程序,那么技术上来说,是的,管道只能被你的程序使用。但是,您必须管理帐户的安全性。
#2
2
IF you only need to support Windows Vista or later versions, there are Windows APIs you can call to find out the ProcessId and/or SessionID of the process on the other end of a pipe once a connection has been made (e.g. GetNamedPipeClientProcessId and family). You could use these to implement an explicit check to ensure that only the applications you want to communicate via the pipe can do so.
如果您只需要支持Windows Vista或以后的版本,那么您可以调用Windows api,在建立连接后(例如GetNamedPipeClientProcessId和family),在管道的另一端找到进程的procd和/或SessionID。您可以使用它们来实现显式检查,以确保只有希望通过管道进行通信的应用程序可以这样做。