February 21, 2006
Microsoft releases DACL guidance for developers of Windows services
Microsoft has recently released a KB article on Best practices and guidance for writers of service discretionary access control lists that I think developers of services on Windows should really read.
In the article, Microsoft shows how to successfully apply DACLs to make services more secure for our workstations and servers, and offers guidance on how to assess the security of your application. Most of the information centers on understanding and interpreting SDDL (Security Descriptor Definition Language), something I fear too many developers don't properly understand.
I would also recommend that you check out the MSDN hub on Service Security and Access Rights. There you can get a better feeling for how the Windows security model enables controlled access to service objects and the service control manager (SCM).
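To make the SDDL reading concrete, here is an added example (not code from the KB article or from MSDN) that parses the DACL of a service security descriptor, such as the string printed by `sc sdshow`, and reports allow ACEs that hand configuration or descriptor-rewriting rights to broad groups. The choice of "dangerous" rights and "broad" trustees is this example's assumption, both SDDL strings are constructed samples, and rights written as hex masks are not decoded.

```python
import re

# Service-specific meaning of the two-letter SDDL rights codes.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE",
}
# Assumption: rights that let the holder reconfigure the service
# or rewrite its security descriptor.
DANGEROUS = {"DC", "WD", "WO", "GA", "GW"}
# Assumption: SID aliases treated as broad, non-administrative trustees.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Builtin Users",
         "IU": "Interactive", "NU": "Network", "AN": "Anonymous",
         "BG": "Builtin Guests"}

def risky_service_aces(sddl):
    """Return [(trustee, [right names])] for risky allow ACEs in the DACL."""
    # The DACL is "D:" + optional flags + a run of (ACE) groups; the match
    # stops before "S:", so audit ACEs in the SACL are never inspected.
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":   # only access-allowed ACEs
            continue
        hit = sorted(set(re.findall(r"[A-Z]{2}", fields[2])) & DANGEROUS)
        if hit and fields[5] in BROAD:
            findings.append((BROAD[fields[5]], [SERVICE_RIGHTS[r] for r in hit]))
    return findings

# Constructed samples: a restrictive descriptor and one that lets any
# authenticated user change the service configuration.
SAFE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)")

if __name__ == "__main__":
    for name, sd in (("SAFE", SAFE), ("WEAK", WEAK)):
        print(name, risky_service_aces(sd))
```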
UPDATE: Alun reminded me in the comments that he wrote a pretty good post on how to read SDDL a few weeks back. You can check it out here.
Posted by SilverStr at February 21, 2006 08:49 PM