February 21, 2006

Microsoft releases DACL guidance for developers of Windows services

Microsoft has recently released a KB article on Best practices and guidance for writers of service discretionary access control lists that I think developers of services on Windows should really read.

In the article, Microsoft shows how to apply DACLs to make services more secure on our workstations and servers, and offers guidance on how to assess the security of your application. Most of the information centers on understanding and interpreting SDDL (Security Descriptor Definition Language), something I fear too many developers don't properly understand.

I would also recommend that you check out the MSDN hub on Service Security and Access Rights. There you can get a better feeling for how the Windows security model enables controlled access to service objects and the service control manager (SCM).
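To make the SDDL reading concrete, here is an added example (not code from the KB article, MSDN, or this post): a small Python reader for the DACL part of a service security descriptor string, such as the output of `sc sdshow`, that reports allow ACEs giving broad trustees rights to reconfigure the service or rewrite its security descriptor. The choice of "risky" rights and "broad" trustees is an assumption of this example, and the sample descriptor is constructed.

```python
import re

# (SDDL code, access-mask bit, meaning when the object is a service)
RIGHTS = [
    ("CC", 0x0001, "SERVICE_QUERY_CONFIG"), ("DC", 0x0002, "SERVICE_CHANGE_CONFIG"),
    ("LC", 0x0004, "SERVICE_QUERY_STATUS"), ("SW", 0x0008, "SERVICE_ENUMERATE_DEPENDENTS"),
    ("RP", 0x0010, "SERVICE_START"), ("WP", 0x0020, "SERVICE_STOP"),
    ("DT", 0x0040, "SERVICE_PAUSE_CONTINUE"), ("LO", 0x0080, "SERVICE_INTERROGATE"),
    ("CR", 0x0100, "SERVICE_USER_DEFINED_CONTROL"),
    ("SD", 0x00010000, "DELETE"), ("RC", 0x00020000, "READ_CONTROL"),
    ("WD", 0x00040000, "WRITE_DAC"), ("WO", 0x00080000, "WRITE_OWNER"),
    ("GA", 0x10000000, "GENERIC_ALL"), ("GX", 0x20000000, "GENERIC_EXECUTE"),
    ("GW", 0x40000000, "GENERIC_WRITE"), ("GR", 0x80000000, "GENERIC_READ"),
]
CODE_TO_BIT = {code: bit for code, bit, _ in RIGHTS}

# Assumption of this example: rights that let the holder change what the
# service runs or rewrite its security descriptor.
RISKY = sum(CODE_TO_BIT[c] for c in ("DC", "WD", "WO", "GA", "GW"))

# Assumption: SID aliases treated as non-administrative. "WD" here means
# Everyone, while "WD" in the rights field means WRITE_DAC; only the field
# position inside the ACE tells the two apart.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "IU": "Interactive",
         "BU": "Builtin Users", "NU": "Network", "AN": "Anonymous"}

def ace_mask(rights):
    """Turn an ACE rights field (two-letter codes or a hex mask) into a bitmask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= CODE_TO_BIT[rights[i:i + 2]]  # KeyError on a non-service code
    return mask

def risky_grants(sddl):
    """Return [(trustee, [risky right names])] for allow ACEs in the D: part."""
    dacl = re.search(r"D:[^(]*((?:\([^)]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, _obj, _inherit, trustee = ace.split(";")[:6]
        hit = ace_mask(rights) & RISKY
        if ace_type == "A" and trustee in BROAD and hit:
            findings.append((BROAD[trustee], [n for _, b, n in RIGHTS if b & hit]))
    return findings

# Constructed descriptor for a hypothetical service (not from a real system).
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCDCLCSWRPLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;WD)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
```

On the sample, only the Authenticated Users ACE is reported, because its `DC` grants SERVICE_CHANGE_CONFIG; the `WD` in the administrators' rights field and the `WD` trustee with read-only rights are not.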

Happy reading!

UPDATE: Alun reminded me in the comments that he wrote a pretty good post on how to read SDDL a few weeks back. You can check it out here.

Wow - would it be too immodest of me to think that maybe someone's been reading my blog?

http://msmvps.com/blogs/alunj/archive/2006/02/13/83472.aspx - "SDDL - easier to read, except when it's not."

Posted by: Alun Jones at February 22, 2006 08:02 AM

Oh, I totally forgot you blogged about SDDL just before Valentine's. No idea why I didn't link to you about it. Let me add that as an update to the post.

Posted by: Dana Epp at February 22, 2006 08:30 AM

This is good information, now if only someone in Redmond would take the time to write a managed implementation of this!

Posted by: Andrew Law at February 22, 2006 12:14 PM