Part III
Network-Based Application Considerations
Chapter 9
Socket Security
Sockets are at the heart of any application that communicates using the TCP/IP protocol. Some of the issues I'll cover in this chapter include binding your server so that it cannot be hijacked by local users, writing a server that can listen on the network interfaces the user chooses, and managing how you accept connections. I'll also discuss general rules for writing firewall-friendly applications, spoofing, and host-based and port-based trust.
This chapter assumes familiarity with the fundamentals of sockets programming. If you are new to sockets programming, a book I found helpful is Windows Sockets Network Programming (Addison-Wesley Publishing Co., 1995), by Bob Quinn and David Shute. The example programs are written in C, with a touch of C++ thrown in. I like to use the .cpp extension to get stricter compiler warnings, but the applications should be accessible to anyone who can read C. Some of the specific socket options and interface management functions are Microsoft-specific, but the general ideas should be useful to people writing code for any platform.