5 Security

PSRP clients should provide reasonable security when working with potentially malicious servers. In particular:

  • If host method calls result in interaction with a user, it is recommended that the client implementation inform the user that the interaction (for example, a request for credentials) originated from a remote server.

  • If host method calls (for example, calls to the GetBufferContents method) can result in an unintended information disclosure, then it is better to return an exception ("me" property) rather than return the actual data ("mr" property).