http://qs321.pair.com?node_id=740283


in reply to Good IPC Message Protocols?

There is a term for what you are attempting:

Security through Obscurity

...and it doesn't work. It's not even a halfway good idea; there is no partial payoff for partial effort. By making it difficult for a human to read you are simply setting up an interesting (or not-so-interesting) challenge for a would-be hacker. Without actual encryption, authentication, certification, etc. you gain absolutely no security from this approach.


However the statements you made are a bit confusing:

>I'd rather do something more secure.
>(note: I'm not encrypting. I'm trying to make it really hard for the privileged process to miss-interpret the message it receives.)

Perhaps security is not what you are after at all?

If you are only trying to prevent malformed commands from causing your application to crash, there is a very simple rule: don't execute anything sent in the command. Define all actions the application can perform in the server side code and simply allow the remote commands to trigger those actions in safe, meaningful sequences. If you need data from the user, don't use it directly, translate it into something pre-defined and use that. Read about taint mode for more about how to not execute anything that came from that dirty/evil/hacked outside world. The basic concept of taint mode is "There is no five-second rule." If it has ever touched the outside world, wrap it in a napkin and throw it away.