CBOOP component identifiers - Programmers Heaven

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

Welcome to the new platform of Programmer's Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use its exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.

CBOOP component identifiers

[b][red]This message was edited by 684867 at 2005-1-15 10:15:58[/red][/b][hr]
Component Identifiers in Microsoft's COM (Component Object Model) is insecure. Its greatest flaw is the CLSID and the lack of any authentication mechanism to prevent components from being spoofed by viruses, worms and other such beasts.

CBOOP will be more secure with a CLSID-like mechanism that provides
such authentication. Here, we choose to authenticate a class identity by using 128-bit fingerprints using crypto algorithms during compile time. These fingerprints can be authenticated at run time.

A component calling another would effectively call the component loader (op/sys). Then it would build a fingerprint of the component that is loaded and compare this fingerprint to the known (expected) fingerprint of the component. Thus, the loaded component cannot be spoofed by malware components.

****************************************
Excellence Breeds! Go Hard or Go Home.

Let Penguins rule the earth.
Break some windows today.


Sign In or Register to comment.