5.1 Security Considerations for Implementers

The transaction processing protocol that is defined by this specification is intended for use in an environment where all participants are trusted to collaborate in driving transactions toward a final outcome.

Misuse of this transaction processing protocol can enable participants to perform simple denial of service attacks on their transaction managers. Because transaction managers generally communicate with multiple participants simultaneously, this condition represents a denial of service to other participants.

Consequently, implementers are strongly encouraged to take the following steps to ensure that transaction processing occurs in a secure environment:

  • Each participant follows the security level usage outlined in [MS-DTCO] (section 2.1.2.1).

  • No transaction remains In Doubt for a longer period of time than the application's higher-layer business logic accepts.