IUnknown Security

IUnknown security is different from that of other interfaces. Because IUnknown is implemented locally by the proxy manager, it is not remoted to the server. Therefore, when a client makes calls to IUnknown, COM intercepts them and handles them locally. When COM needs to communicate with the server to release resources or obtain new interfaces, it uses a private interface called IRemUnknown that is implemented internally for each apartment. This situation leads to the following security issues:

• There can only be one instance of the IUnknown proxy. You cannot call CoCopyProxy on IUnknown because the IUnknown proxy is used to identify the object.
• All interface proxies delegate IUnknown calls to the IUnknown proxy. Therefore, all calls to AddRef, Release, and QueryInterface use the same security settings. For instance, if I set the authentication level on an interface called IMyInterface to encrypt, and call QueryInterface for IMyInterface, the authentication level used will be what is set for IUnknown, which may not be encrypt.
• COM caches the pointer returned by most calls to IUnknown. Therefore, some IUnknown calls will be sent over the wire and others will not. So, setting IUnknown security may not have the desired results if DCOM is using a cached pointer instead of making a remote call to get the pointer.