Opened 11 years ago

Closed 11 years ago

Last modified 9 years ago

#528 closed feature request (done)

Securing Hive Communication

Reported by: mbecirov Owned by: mbecirov
Priority: medium Milestone: HeuristicLab 3.3.0
Component: Hive.Client.Communication Version: 3.2
Keywords: Security; WCF; Communication Cc:

Description

Enhance current WCF based communication with security aspects like encrypted transport and message. Further on, the hardcoded data (ex. Ports and Addresses) should be moved to config files.

Change History (6)

comment:1 Changed 11 years ago by mbecirov

  • Status changed from new to assigned

comment:2 Changed 11 years ago by mbecirov

Establishing a secure channel through https based on X509 Certification Validation: Since certificate creation with tools like 'makecert' is not recommended by authors of Microsoft .NET, I'd prefer to use Windows Certification Services instead. This means, a Windows Server (DC or Certificate Server) has to publish a new certificate. This one will be used for HIVE Server to identify its clients. The fingerprint of the certificate is needed to create client certificates, but this process can be run programmatically on clients with a few limitations: Though the installation of certificates for client machines requires administrative rights, only users can be authenticated. To identify a physical machine within this certificate, additional ID's must be generated (ex. mac-address). Since certificate creation takes advantage of OS programs, we have also to consider different systems: For example WinXP uses 'httpcfg' cmd to install certificates. Using Vista OS, you've to use 'netsh http add sslcert' to do the same task...

comment:3 Changed 11 years ago by mbecirov

Removed binding configuration settings in various app.config files and implemented those settings in WcfSettings.cs file as a common place for WCF settings.

comment:4 Changed 11 years ago by mbecirov

  • Resolution set to fixed
  • Status changed from assigned to closed

Added a switch to enable/disable the use of certifications for testing purposes.

comment:5 Changed 9 years ago by swagner

  • Milestone changed from Iteration 3 to Current

Milestone Iteration 3 deleted

comment:12 Changed 9 years ago by swagner

  • Milestone changed from Current to HeuristicLab 3.3.0

Milestone Current deleted

Note: See TracTickets for help on using tickets.