4.14. RPC services protection

Developpers of RPC services can protect their applications against the problem described in the previous section using two new API, RpcServerRegisterIfEx() and RpcServerRegisterIf2(). These new API allow the specification of a security-callback function, on a per-interface basis.

Typically, a security-callback function verifies that the protocol sequence used by a client is legal. For instance, it is thus possible to forbid access to RPC services that are supposed to be used only locally, even if the process that hosts RPC services also runs RPC services listening on named pipes or TCP or UDP sockets.

When these APIs are used, it usually implies that only a subset of all the interfaces that appear on the output of the ifids command can be reached, using dedicated endpoints.