Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Re: Good IPC Message Protocols?

by Cefu (Beadle)
on Jan 30, 2009 at 19:26 UTC ( #740283=note: print w/replies, xml ) Need Help??

in reply to Good IPC Message Protocols?

There is a term for what you are attempting:

Security through Obscurity

...and it doesn't work. It's not even a halfway good idea; there is no partial payoff for partial effort. By making it difficult for a human to read you are simply setting up an interesting (or not-so-interesting) challenge for a would-be hacker. Without actual encryption, authentication, certification, etc. you gain absolutely no security from this approach.

However the statements you made are a bit confusing:

>I'd rather do something more secure.
>(note: I'm not encrypting. I'm trying to make it really hard for the privileged process to miss-interpret the message it receives.)

Perhaps security is not what you are after at all?

If you are only trying to prevent malformed commands from causing your application to crash, there is a very simple rule: don't execute anything sent in the command. Define all actions the application can perform in the server side code and simply allow the remote commands to trigger those actions in safe, meaningful sequences. If you need data from the user, don't use it directly, translate it into something pre-defined and use that. Read about taint mode for more about how to not execute anything that came from that dirty/evil/hacked outside world. The basic concept of taint mode is "There is no five-second rule." If it has ever touched the outside world, wrap it in a napkin and throw it away.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://740283]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (3)
As of 2020-10-22 01:27 GMT
Find Nodes?
    Voting Booth?
    My favourite web site is:

    Results (225 votes). Check out past polls.