Skip to Main Content
Learning DCOM
book

Learning DCOM

by Thuan L. Thai
April 1999
Intermediate to advanced content levelIntermediate to advanced
502 pages
15h 5m
English
O'Reilly Media, Inc.
Content preview from Learning DCOM

Security Impact of the OBJREF

We have concentrated on the OBJREF and connection points in this chapter. Both of these discussions involve the passing of an interface pointer from one object to another. This is very powerful, but even if a client receives an interface pointer, it doesn’t mean that the client can successfully invoke methods using the received interface pointer. The reason for this is security. The receiver can invoke methods on the received interface pointer, barring security constraints.

For example, a ChatClient component successfully obtains a ChatServer object’s IUnknown interface pointer from the ChatBroker component. Nevertheless, this doesn’t mean that the ChatClient component can send chat messages to the ChatServer component. This depends upon the ChatServer component’s access security, which can be configured programmatically using CoInitializeSecurity or manually using dcomcnfg.exe. Even if these are correctly configured, the authentication levels and impersonation levels may also be a factor in successful invocations. You’ll have to correctly configure security in order for successful method invocations among different components.

As a different but related example, consider that a ChatClient component successfully sends a chat message to a server, because it has access. However, it may be possible that the ChatServer component cannot make callbacks to the client, because the client cannot authenticate the server. For instance, if you’ve configured the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Windows Internals, Fifth Edition

Windows Internals, Fifth Edition

David A. Solomon Mark E. Russinovich and Alex Ionescu
Windows® via C/C++, 5th Edition

Windows® via C/C++, 5th Edition

Jeffrey Richter, Christophe Nasarre
Learning Go

Learning Go

Jon Bodner

Publisher Resources

ISBN: 9781449307011Supplemental ContentErrata Page