Understanding RPC Security


A Remote Procedure Call (RPC) mechanism, the protocol that defines the rules used to initiate, perform, and end an exchange of data between processes, underlies most networked application communication. Whenever a local application needs a service provided by code on another machine, it relies on some form of RPC to obtain it. The term RPC is somewhat generic because both DCOM and the Common Object Request Broker Architecture (CORBA) are built on an RPC layer. DCOM relies on the Distributed Computing Environment (DCE) RPC defined by the Open Software Foundation (OSF); CORBA relies on a different one. DCOM and CORBA can't talk to each other because they follow different RPC rules, that is, different protocols, on the wire.

You might wonder how this discussion affects the security of your application. The protocol you choose for communication between applications, the RPC, determines the security issues you must consider. The .NET Framework supports both DCOM and the Simple Object Access Protocol (SOAP), and from a security standpoint the differences between the two are striking.

Note

Earlier versions of the SOAP specification expanded the name as Simple Object Access Protocol. Starting with version 1.2, the specification no longer treats SOAP as an acronym at all. Because version 1.2 is not yet in wide use and the older expansion is still the common one, this book uses Simple Object Access Protocol as the definition for SOAP.

DCOM is the usual choice for communication that stays off the Internet because security is part of the protocol. You can set a number of DCOM security measures with the DCOM Configuration Tool (DCOMCnfg): the authentication level (from none, through per-call and per-packet authentication, up to packet privacy, which encrypts every packet), the impersonation level, and the launch and access permissions. Unfortunately, this utility configures only unmanaged out-of-process servers. A managed component is still reachable through DCOM, but you'll need to implement its security features in program code (as usual). Even without a configuration tool for managed components, DCOM is relatively secure compared with other RPCs. The DCOM Configuration Tool appears in the DCOM Config folder of the Component Services console, found in the Administrative Tools folder of the Control Panel on Windows XP. See the "Using the DCOMCnfg Utility" section of Chapter 15 for details.

Many companies choose SOAP for Internet communication because older technologies such as DCOM are binary and use multiple ports (an endpoint mapper port plus dynamically assigned ports for the calls themselves). SOAP is XML-based and normally travels over the same ports as standard HTTP or the Simple Mail Transfer Protocol (SMTP); other transports are possible, but these two are the most common today. There is no restriction on the ports SOAP can use, but running over a single standard port makes firewall setup considerably easier. Because the data is text, it is also easier for the recipient (or an intermediate proxy) to inspect it for malicious content. However, the SOAP specification itself defines no security, and at the time of writing it doesn't appear that it will gain good security any time soon. Encrypting the connection (HTTPS) protects a message only in transit, one hop at a time; to protect the message itself, encrypt the payload before you send it and carry the ciphertext as Base64 text (this encoding lets you send binary data in a standard text message). Keep in mind that Base64 is an encoding, not a cipher: anyone who can read the message can decode it, so it adds no secrecy of its own. (See the article entitled "How Does Base64 Encoding Work?" at http://email.about.com/library/weekly/aa070201a.htm for details.)
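The following is an added example, not code from the book, of what "encrypt your data and send it as Base64" looks like when done properly: the payload is encrypted, then authenticated with an HMAC (encrypt-then-MAC), and the nonce, ciphertext and tag are Base64-encoded into a SOAP 1.1 Body element. The receiver verifies the tag in constant time before decrypting, so a modified message is rejected rather than decrypted into garbage. Everything below the SOAP 1.1 envelope namespace is an assumption: the application namespace urn:example:protected, the ProtectedMessage element, and the constructed demo keys. To keep the example dependency-free, the cipher is HMAC-SHA256 run in counter mode as a keystream generator; in a real system, use an authenticated cipher such as AES-GCM from a cryptographic library and derive keys per session instead of hard-coding them.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# Constructed demo keys (assumption): derive real keys per session from a key
# agreement or a KDF over a shared secret; never hard-code them.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
APP_NS = "urn:example:protected"                         # hypothetical application namespace

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based stream cipher (illustration only;
    use AES-GCM or another authenticated cipher in production)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(plaintext: bytes, enc_key: bytes = ENC_KEY, mac_key: bytes = MAC_KEY,
            nonce: bytes = None) -> str:
    """Encrypt-then-MAC the payload and return a SOAP envelope carrying it as Base64 text."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()   # MAC covers nonce too
    blob = base64.b64encode(nonce + ciphertext + tag).decode("ascii")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    msg = ET.SubElement(body, f"{{{APP_NS}}}ProtectedMessage")
    msg.text = blob
    return ET.tostring(env, encoding="unicode")


def unprotect(envelope: str, enc_key: bytes = ENC_KEY, mac_key: bytes = MAC_KEY) -> bytes:
    """Verify the MAC first, then decrypt; raise ValueError on any tampering."""
    root = ET.fromstring(envelope)
    msg = root.find(f"{{{SOAP_NS}}}Body/{{{APP_NS}}}ProtectedMessage")
    if msg is None or not msg.text:
        raise ValueError("no ProtectedMessage element in Body")
    raw = base64.b64decode(msg.text, validate=True)
    if len(raw) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("MAC check failed: message altered or wrong key")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def tamper_detected(envelope: str) -> bool:
    """Flip one byte of the Base64 payload and report whether the receiver rejects it."""
    root = ET.fromstring(envelope)
    msg = root.find(f"{{{SOAP_NS}}}Body/{{{APP_NS}}}ProtectedMessage")
    raw = bytearray(base64.b64decode(msg.text))
    raw[NONCE_LEN] ^= 0x01          # first ciphertext byte
    msg.text = base64.b64encode(bytes(raw)).decode("ascii")
    try:
        unprotect(ET.tostring(root, encoding="unicode"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    env = protect(b"<Order><Item>sku-42</Item></Order>")
    print(env)                                   # plaintext is not visible in the envelope
    print(unprotect(env))
    print("tamper detected:", tamper_detected(env))
```

Two details matter more than the choice of cipher: the nonce must never repeat under the same key (a repeated nonce with a stream cipher leaks the XOR of two plaintexts), and the tag must be checked before any byte of ciphertext is decrypted or parsed, otherwise the XML parser becomes an oracle for an attacker who tampers with the message.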

It's important to understand the two kinds of RPC support supplied by the .NET Framework because you can secure DCOM easily, whereas SOAP requires a lot of work. (See some of the reasons for the difficulty in the article entitled "Schneier worried about SOAP security" at http://www.xmlhack.com/read.php?item=1541.) This chapter discusses the DCOM RPC and the security measures you can use with it. To learn more about SOAP security, read the "Working with WS-Security" section of Chapter 11, which discusses both the Microsoft solution to the problem and the World Wide Web Consortium (W3C) solution, the SOAP Security Extensions standard.




.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168

flylib.com © 2008-2017.