MSMQ - No Authentication

We are looking at setting up MSMQ but in our environment users aren't guaranteed to have Active Directory and using certificates would be an extra process we would not like to have.

So I started looking into using a private queue without the "Authentication" checkbox, I get the warning on the MSMQ properties saying:

 Queue is unauthenticated. Message senders can bypass the Access Control settings specified on the security tab.

But it seems that if I change user settings on the Security tab then it works as I would think. A user without "Send Message" permission can't send a message to the queue; I get the error "Access is denied".

So my question is what exactly can the "Message senders" bypass when the "Authentication" checkbox isn't checked as described in the warning message above?

Permissions are easily bypassed. The sender would just need to craft a message with a SID value that matched one with access permissions to the queue. Access control without authentication is just a speed bump to a determined attacker.
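
For administrators who want to know which queues are in the state the warning describes, the following is an added example (not part of the original question or answer) that lists the private queues on a machine and reports whether each one requires authenticated messages. It assumes Windows PowerShell with the MSMQ feature installed; the function name Get-QueueAuthSetting is hypothetical.

```powershell
# Added example: report the "Authenticated" setting of each private MSMQ queue.
# Uses the .NET Framework System.Messaging assembly (Windows PowerShell).
Add-Type -AssemblyName System.Messaging

function Get-QueueAuthSetting {
    param(
        # Assumption: the audit runs against the local machine by default.
        [string]$MachineName = $env:COMPUTERNAME
    )

    $queues = [System.Messaging.MessageQueue]::GetPrivateQueuesByMachine($MachineName)
    foreach ($q in $queues) {
        try {
            [pscustomobject]@{
                QueueName          = $q.QueueName
                # $false corresponds to the unchecked "Authenticated" box:
                # the Security tab ACL is then evaluated against a sender
                # identity that MSMQ has not verified.
                Authenticate       = $q.Authenticate
                EncryptionRequired = $q.EncryptionRequired
            }
        }
        catch {
            # Property reads can fail (for example, insufficient rights to
            # read queue properties); report and continue with the next queue.
            Write-Warning "Could not read properties of $($q.Path): $($_.Exception.Message)"
        }
        finally {
            $q.Dispose()
        }
    }
}

# Show only the queues that accept unauthenticated messages.
Get-QueueAuthSetting |
    Where-Object { -not $_.Authenticate } |
    Format-Table -AutoSize
```

Any queue listed by the last pipeline is one where the "Send Message" permission should not be treated as a security boundary.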
