steamcore/TinyIpc

Documentation about security

Closed this issue · 5 comments

Hello,

This library looks practical for small needs. But what about memory-mapped file access control? I am not sure what the defaults are when calling CreateOrOpen without a specific MemoryMappedFileSecurity.

Could you explain/document who can listen and send messages on the channel? For instance if running as a Windows service.

Thanks.

Hi,

Any process on the machine should be able to read the file.

MemoryMappedFileSecurity only seems to be available in the full .NET Framework and not .NET Core. I suppose I could create an overload that is available only on the full .NET Framework.

What is your use case?

My use case involves a pool of service processes (one service with multiple processes) which need to exchange some messages in a broadcast fashion.
But, I would like to guarantee that only this pool has access to the file, or maybe only the user running the service so that nobody else on the system can inject or listen to the messages being transmitted.

How about this: if I create overloads where you can supply your own instances of the primitives involved, you could configure them however you wanted before passing them in as arguments. This way I won't have to do anything special to support both .NET Core and the full framework.

Could work something like this:

```csharp
var lockMutex = new Mutex(...); // needs to be secured
var lockSemaphore = new Semaphore(...); // needs to be secured
var tinyReadWriteLock = new TinyReadWriteLock(lockMutex, lockSemaphore);

var memoryMappedFile = new MemoryMappedFile(...); // needs to be secured
var eventWaitHandle = new EventWaitHandle(...); // needs to be secured
var tinyMemoryMappedFile = new TinyMemoryMappedFile(memoryMappedFile, eventWaitHandle, tinyReadWriteLock);

var messageBus = new TinyMessageBus(tinyMemoryMappedFile);
```

What do you think?

That sounds good.

Hi, finally had time to take a look at this and I have made these adjustments and updated the NuGet package to v1.0.1.

Take a look at this unit test I created for an example of how to build the message bus correctly.
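
An added example, not part of the thread and not the project's own code: one way to create the four primitives from the sketch above on the full .NET Framework so that only the account running the service can open them. The object name suffixes, `maxReaders`, the reset mode, the TinyIpc namespaces and the TinyIpc constructor shapes (copied from the sketch in the thread) are assumptions and may differ from the released package.

```csharp
// Added example for .NET Framework on Windows; names and sizes are assumed values.
using System.IO;
using System.IO.MemoryMappedFiles;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;
using TinyIpc.IO;              // assumed namespace
using TinyIpc.Messaging;       // assumed namespace
using TinyIpc.Synchronization; // assumed namespace

static class SecuredBus
{
    public static TinyMessageBus Create(string name, long capacity, int maxReaders)
    {
        // The only ACE on each object grants access to the current account's SID.
        SecurityIdentifier owner = WindowsIdentity.GetCurrent().User;
        const AccessControlType allow = AccessControlType.Allow;

        var mutexAcl = new MutexSecurity();
        mutexAcl.AddAccessRule(new MutexAccessRule(owner, MutexRights.FullControl, allow));
        var semAcl = new SemaphoreSecurity();
        semAcl.AddAccessRule(new SemaphoreAccessRule(owner, SemaphoreRights.FullControl, allow));
        var eventAcl = new EventWaitHandleSecurity();
        eventAcl.AddAccessRule(new EventWaitHandleAccessRule(owner, EventWaitHandleRights.FullControl, allow));
        var fileAcl = new MemoryMappedFileSecurity();
        fileAcl.AddAccessRule(new AccessRule<MemoryMappedFileRights>(owner, MemoryMappedFileRights.FullControl, allow));

        // If a named object already exists, the ACL passed here is ignored and the
        // existing object's ACL applies, so createdNew is worth logging per object.
        bool createdNew;
        var lockMutex = new Mutex(false, name + "_mutex", out createdNew, mutexAcl);
        var lockSemaphore = new Semaphore(maxReaders, maxReaders, name + "_sem", out createdNew, semAcl);
        var waitHandle = new EventWaitHandle(false, EventResetMode.ManualReset, name + "_event", out createdNew, eventAcl);
        var file = MemoryMappedFile.CreateOrOpen(name + "_map", capacity, MemoryMappedFileAccess.ReadWrite,
            MemoryMappedFileOptions.None, fileAcl, HandleInheritability.None);

        // Constructor shapes as sketched in the thread (assumption).
        var rwLock = new TinyReadWriteLock(lockMutex, lockSemaphore);
        var tinyFile = new TinyMemoryMappedFile(file, waitHandle, rwLock);
        return new TinyMessageBus(tinyFile);
    }
}
```

Every process in the pool has to run under the same account for this ACL to admit it; a dedicated service account keeps other services and interactive users out.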