2

I'm currently writing a modular desktop app in c# .NET 4.5 using prism 5.0.

My application is composed of the "core" (or the host), and several modules. Each of my modules are implementing the IModule interface provided by prism. The core of my application provides an "API" to the modules so they can interact easily with the application/other modules. For example, the "API" allows a Module to publish or subscribe to events or to communicate with a BDD.

Here is my problem :

There is some sensitive information in the BDD and I don't know in advance which module will be running. I want to handle the possibility of a "malicious" module: I would like to add a layer of security to my host application. For example, I want to check if a Module has the rights to delete something in the BDD. How could I do that? I already have the rights of each modules stored in a BDD, but how could I know which module is making the call to the API in a secure way?

Everything should be done dynamically since I don't know in advance which module will be running.

For now this is what came to my mind:

  • The call to the API should take an extra parameter: a Type. But a module can easily fake a type by doing typeof(someType)

  • The call to the API should take an extra parameter: a IModule: the calling Module would send himself (this) as a parameter so I could check for the type in the API. But once again the calling module can still fake it easily by getting some instance of another module via the provided UnityContainer or whatever.

  • Check for the type of the calling object via the StackFrame. This one could be the "safer" but it's really heavy and dirty in my opinion.

Is there any other way? I'm very new to c# and modular pattern, I'm sure I'm missing something.

EDIT: I will use the sboutzen's method to authentifcate my modules at the loading of the assemblies. If the module is a known module I'll give him a random generated key. Each time the module want to make a call to the API he will have to give the provided key so I can check his identity.

This is the safest thing I can think of.

Community
  • 1
  • 1
Blablablabli
  • 174
  • 9

1 Answers1

0

You can use strong named modules. See https://msdn.microsoft.com/en-us/library/xc31ft41%28v=vs.110%29.aspx. This way you can authenticate and authorize each module (assembly).

sboutzen
  • 269
  • 7
  • 16