WinBatch Tech Support Home

Named Pipe Security

 Keywords: Named Pipe Path Ip Address Server Client Security 

Question:

Is there a way for the server to determine the path (source) of the client? We are assuming for this exercise an uncooperative client. So basically this is a security measure. We are trying to figure out where the client is coming from (IP address, UNC path) so we can decide whether to respond.

Answer:

There are some things that you can do with this from within WinBatch, and there are some things that you can do with respect to the server end of the pipe that may help to restrict access to it.
  1. Since you are writing the server that creates the pipe and listens on it, you have complete control over the message format used. Make sure that any request message sent from the pipe client to the pipe server carries some sort of "signature" that isn't easy to fake short of reverse engineering the code in order to create a counterfeit message that appears to be valid.

  2. Named pipes can be secured with a security descriptor just like any other executive/kernel object. It is possible to apply a security descriptor with a discretionary ACL (a.k.a. "permissions") that restricts which users can access the named pipe from a client system.
     Remember that if you have properly configured the security for the named pipe, NT security will not permit a client to connect unless the client computer is a member of a domain in your forest or a member of a trusted domain. You therefore won't be dealing with as wide a scope of client systems as you would if you were trying to secure a TCP port against access by any system connected to the Internet.

The Server Manager can also show all of the users and client workstations that are connected to shares on a server, and this should include clients of named pipes, too. There might be a WMI class that is capable of obtaining this information, and there is also the wntShareUsers() function in the Win32 Network extender. The wntShareUsers() function provides the same type of information that the Server Manager provides, and it should be able to obtain named pipe client user/computer information in some form that could be useful to you.
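One way to build the message "signature" from item 1, shown in Python as an added example that is not part of the original article or of WinBatch. It assumes an HMAC-SHA256 tag over a JSON envelope, a shared key given to legitimate clients out of band, and hypothetical field names (`client`, `ts`, `nonce`, `body`); the timestamp and nonce checks go beyond the article's wording so that a captured valid message cannot simply be sent again.

```python
import hashlib
import hmac
import json
import os
import time

# Assumption (not from the article): requests older or newer than this are refused.
MAX_SKEW_SECONDS = 30


def sign_request(key, client, body, now=None):
    """Client side: build the framed request that is written to the pipe."""
    msg = {
        "client": client,
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(16).hex(),
        "body": body,
    }
    payload = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return tag + b"." + payload


class RequestVerifier:
    """Server side: check each message read from the pipe before acting on it."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> message timestamp, kept for the skew window

    def verify(self, frame, now=None):
        now = time.time() if now is None else now
        tag, sep, payload = frame.partition(b".")
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison, done before any untrusted JSON is parsed.
        if not sep or not hmac.compare_digest(tag, expected):
            return None
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return None  # stale or future-dated message
        # Forget nonces that have aged out, then refuse any repeat.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= MAX_SKEW_SECONDS}
        if msg["nonce"] in self._seen:
            return None  # replay of a previously accepted message
        self._seen[msg["nonce"]] = msg["ts"]
        return msg
```

The server drops the connection or ignores the request whenever `verify()` returns `None`. A key embedded in the client can still be recovered by reverse engineering, which is the limit the answer itself notes, so this complements the pipe's security descriptor rather than replacing it.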


Article ID:   W18221
Filename:   Named Pipe Security.txt
File Created: 2013:04:02:07:58:48
Last Updated: 2013:04:02:07:58:48