I am currently developing a Windows application that uses remoting to pass
objects back and forth from the server to the client computer and
vice-versa. When an object is instantiated and loaded on the server, the
object is loaded with important read-only information that I obviously don't
want the user to change because when the object is passed back on the
server, I use that read-only information to take different actions in how to
save the object's data back into the database.
My question is as follows: Once the object is moved to the client computer,
is it easy for a hacker to use some utility that is capable of locating
where the object is in memory and then use a utility to modify the data in
the object (my read only property values)?
Thanks
"Easy" is a relative term, but there are a plethora of memory tools and
debuggers that can inspect the memory of a process. You can't assume
anything is safe on a remote computer.
You could, however, detect if the client tampered with the data with a
cryptographic hash. The following article has some details and
examples: http://msdn.microsoft.com/msdnmag/is...s/default.aspx
--
Scott http://www.OdeToCode.com/blogs/scott/
On Wed, 10 Nov 2004 23:24:10 -0600, "Rene" <no****@nospam.nospam> wrote:
> I am currently developing a Windows application that uses remoting to pass objects back and forth from the server to the client computer and vice-versa. When an object is instantiated and loaded on the server, the object is loaded with important read-only information that I obviously don't want the user to change because when the object is passed back on the server, I use that read-only information to take different actions in how to save the object's data back into the database.
> My question is as follows: Once the object is moved to the client computer, is it easy for a hacker to use some utility that is capable of locating where the object is in memory and then use a utility to modify the data in the object (my read only property values)?
> Thanks
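An added example, not part of the original posts or the linked article: one way to detect tampering with server-assigned fields when the object comes back from the client. It uses a keyed hash (HMAC-SHA256) with a key that stays on the server, since an unkeyed hash could simply be recomputed by the client. The `OrderDto` type, its field names and the key value are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical object passed to the client; names are assumptions.
[Serializable]
public sealed class OrderDto
{
    public int OrderId;       // server-assigned, protected by the tag
    public string SaveMode;   // server-assigned, protected by the tag
    public string Notes;      // client-editable, deliberately not protected
    public byte[] Tag;        // HMAC over the protected fields
}

public static class TamperCheck
{
    // Constructed sample key. In a real system it is loaded from server-side
    // configuration and never leaves the server.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-sample-key");

    static byte[] Compute(OrderDto o)
    {
        // Length-prefix the string so field boundaries cannot be shifted.
        string mode = o.SaveMode ?? "";
        string canonical = o.OrderId + "|" + mode.Length + ":" + mode;
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical));
    }

    // Called on the server before the object is sent out.
    public static void Seal(OrderDto o) { o.Tag = Compute(o); }

    // Called on the server when the object comes back.
    public static bool Verify(OrderDto o)
    {
        if (o == null || o.Tag == null) return false;
        byte[] expected = Compute(o);
        if (expected.Length != o.Tag.Length) return false;
        int diff = 0;  // compare without exiting early on the first mismatch
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ o.Tag[i];
        return diff == 0;
    }

    public static void Main()
    {
        var o = new OrderDto { OrderId = 42, SaveMode = "update-only", Notes = "" };
        Seal(o);
        o.Notes = "edited on the client";        // allowed change
        Console.WriteLine("after Notes edit:    " + Verify(o));
        o.SaveMode = "delete";                   // protected field changed
        Console.WriteLine("after SaveMode edit: " + Verify(o));
    }
}
```

The tag only shows that the protected fields match what the server sealed; it does not stop a client from sending back an older, still valid object, so the server should reject anything that fails `Verify` and still re-check state it can look up itself.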
Can data be overridden directly in memory even for objects such as the
System.Threading.Thread.CurrentPrincipal object?
"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:gd********************************@4ax.com...
> "Easy" is a relative term, but there are a plethora of memory tools and debuggers that can inspect the memory of a process. You can't assume anything is safe on a remote computer.
> You could, however, detect if the client tampered with the data with a cryptographic hash. The following article has some details and examples: http://msdn.microsoft.com/msdnmag/is...s/default.aspx
> --
> Scott http://www.OdeToCode.com/blogs/scott/
Well, it would be easy to overwrite the property with managed code.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Thu, 11 Nov 2004 02:59:13 -0600, "Rene" <no****@nospam.nospam> wrote:
> Can data be overridden directly in memory even for objects such as the System.Threading.Thread.CurrentPrincipal object?