15,885,546 members
Sign in
Sign in
Email
Password
Forgot your password?
Sign in with
home
articles
Browse Topics
>
Latest Articles
Top Articles
Posting/Update Guidelines
Article Help Forum
Submit an article or tip
Import GitHub Project
Import your Blog
quick answers
Q&A
Ask a Question
View Unanswered Questions
View All Questions
View C# questions
View C++ questions
View Javascript questions
View Visual Basic questions
View Python questions
discussions
forums
CodeProject.AI Server
All Message Boards...
Application Lifecycle
>
Running a Business
Sales / Marketing
Collaboration / Beta Testing
Work Issues
Design and Architecture
Artificial Intelligence
ASP.NET
JavaScript
Internet of Things
C / C++ / MFC
>
ATL / WTL / STL
Managed C++/CLI
C#
Free Tools
Objective-C and Swift
Database
Hardware & Devices
>
System Admin
Hosting and Servers
Java
Linux Programming
Python
.NET (Core and Framework)
Android
iOS
Mobile
WPF
Visual Basic
Web Development
Site Bugs / Suggestions
Spam and Abuse Watch
features
features
Competitions
News
The Insider Newsletter
The Daily Build Newsletter
Newsletter archive
Surveys
CodeProject Stuff
community
lounge
Who's Who
Most Valuable Professionals
The Lounge
The CodeProject Blog
Where I Am: Member Photos
The Insider News
The Weird & The Wonderful
help
?
What is 'CodeProject'?
General FAQ
Ask a Question
Bugs and Suggestions
Article Help Forum
About Us
Search within:
Articles
Quick Answers
Messages
Comments by Shubhanshu Pathak (Top 5 by date)
Shubhanshu Pathak
31-Jan-16 22:25pm
View
Hi Kornfeld,
Thank you so much for the response.
So what I understood from the discussion is:
1. 'Opening a port' is not a security risk if the underlying service is good
enough to handle the security breaches.
2. If the services doesn't provide any edit functionality to the user/hacker
than it is safe enough.
3. Service in my case is just allowing the user to open HTML pages in a
windows form application inside a WebBrowser control. The user of the
application can't modify the URL.
4. The running service always turns off as the application gets closed. Next
time it will be launched with some other port.
As you mentioned about the DoS attack. In this case the hacker can make the service unavailable. This should be fine for my case as my service starts and stops multiple times and is short lived.
Kindly correct me if any of my above understanding is wrong.
Thanks,
Shubh
Shubhanshu Pathak
31-Jan-16 1:11am
View
Hi Kornfeld,
I have mentioned the reason of the random ports in the below comment.
Can you please throw some light on the concerns which has been mentioned below.
Thanks in advance...
Shubh
Shubhanshu Pathak
27-Jan-16 23:45pm
View
Thanks to all of you for providing comments and solutions...
@SA...
The idea of random port is like this.
1. I just picked a port range (5000 - 9000)
2. Now using the System.Net.NetworkInformation.IPGlobalProperties interface got all
the ports
3. Just looped through them to get the free port.
4. This is just to avoid my listener to hook to a already in-use port.
With random port I am not trying to solve any security issue...
@All...
when a hacker tries to get the open port from a machine where this application is running definitely he will get this port opened by my application.
But in this port already a service is running which doesn't expose anything. Even if he/she will get the url format which I am using, it can't be browsed from any other machine (say, by replacing localhost with IP of the m/c)
So from this port -
1. can the hacker damage anything else on the machine?
2. Can he gets access to something which is vulnerable?
Many Thanks,
Shubh
Shubhanshu Pathak
4-Jan-13 5:22am
View
Can someone please help...
Shubhanshu Pathak
27-Dec-12 2:20am
View
Thanks for the reply Sergey. My initial approach was using WPF only. I achieved the functionality as well but the Memory consumption was too much and was not acceptable. So the next probable solution was using DirectX. Hence I went for it.