Protecting Distributed Components

   

If your application uses distributed COM, you need to secure the components you deploy and register to remote workstations. In the context of remote component deployment, security means configuring each component’s access and launch permissions and protecting the component from tampering.

Security for creating remote objects is important because of the very simplicity of distributed COM. The only thing that determines whether a client uses a local ActiveX component, or the same component running on a remote computer, is the client computer’s Windows Registry entry for the component.

The default configuration of distributed COM allows only machine administrators to access and launch objects from a remote client. After you have distributed, registered, and applied NTFS file permissions to your application’s components, you must configure the access and launch permissions.

You can configure object permissions with the DCOMCNFG utility. With DCOMCNFG you define DCOM-specific settings in the registry, specifying where the component runs and who can launch and access the object.

For More Information   For an overview of security on the NTFS file system, see Protecting Files in this chapter. For more information on using DCOMCNFG to configure object access and launch permissions, search for "DCOMCNFG" in MSDN Library Visual Studio 6.0.