I have an application that runs on multiple platforms; however, all the business logic is in C# .NET – I want to be able to “Remote Control” one app from another across the network and wondered if there were any guidelines in terms of security. I’ll be using sockets for communication. My main concerns are:
1) I want the actual network connection to be as secure as possible without having to install certificates (unless they are generated and stored without user intervention).
2) I only want the app to be controllable from another app if permission has been given. An example might be app A prompting that app B would like permission to control it. At this point the user would click yes or enter a code generated by app A. After this point the user is never asked through restarts etc…
With the user entering a code to allow the communication it sounds like securing the channel using an encryption method that uses a symmetric key algorithm would work. The key would essentially be what the user types in to allow the communication to take place.
However, in order to establish the key, the main question is how it is delivered to the user.
If it’s safe to assume that there is an operator running application A and that the operator can speak with the user of app B, then the operator could simply tell the user what the code is.
If, however, app A or the operator of app A has no direct contact with the user then you’ll have to go a different route.
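A sketch of the code-as-key idea from the answer above, added here as an example and not code from the original post: the typed code is stretched into an AES-256 key with PBKDF2, and each command is sealed with AES-GCM so that a frame made with a different code is rejected. Assumptions: .NET 8, the iteration count, the frame layout, the sample code `493-817` and the command name `PAUSE_PLAYBACK` are all constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PairingChannel
{
    // Assumed parameters. A short code has little entropy; the iteration
    // count slows offline guessing of the code but does not prevent it.
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, Iterations = 600_000;

    // Stretch the pairing code into a 256-bit AES key. The salt is not secret.
    public static byte[] DeriveKey(string code, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(code, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Frame layout (constructed for this example): nonce || tag || ciphertext
    public static byte[] Seal(byte[] key, string command)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh per message
        byte[] plain = Encoding.UTF8.GetBytes(command);
        byte[] cipher = new byte[plain.Length], tag = new byte[TagLen];
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, plain, cipher, tag);
        byte[] frame = new byte[NonceLen + TagLen + cipher.Length];
        nonce.CopyTo(frame, 0); tag.CopyTo(frame, NonceLen); cipher.CopyTo(frame, NonceLen + TagLen);
        return frame;
    }

    // Returns null when the frame is too short or was not sealed with this key.
    public static string? Open(byte[] key, byte[] frame)
    {
        if (frame.Length < NonceLen + TagLen) return null;
        byte[] plain = new byte[frame.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        try
        {
            aes.Decrypt(frame.AsSpan(0, NonceLen), frame.AsSpan(NonceLen + TagLen),
                        frame.AsSpan(NonceLen, TagLen), plain);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; } // tag mismatch: wrong code or tampering
    }

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen); // app A sends this in the clear
        byte[] keyA = DeriveKey("493-817", salt);              // code displayed by app A
        byte[] keyB = DeriveKey("493-817", salt);              // same code typed into app B
        byte[] frame = Seal(keyB, "PAUSE_PLAYBACK");
        Console.WriteLine(Open(keyA, frame) ?? "rejected");
        Console.WriteLine(Open(DeriveKey("000-000", salt), frame) ?? "rejected");
    }
}
```

To avoid asking the user again after a restart, each app would store the derived key (not the code) in the platform's protected storage.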