5.1 Security Considerations for Implementers

The transaction processing protocol that is defined by this specification is intended for use in an environment where all participants are trusted to collaborate in driving transactions toward a final outcome.

Misuse of this transaction processing protocol can enable participants to perform simple denial of service attacks on their transaction managers. Because transaction managers generally communicate with multiple participants simultaneously, this condition represents a denial of service to other participants.

Consequently, implementers need to take the following steps to ensure that transaction processing occurs in a secure environment:

• Each participant initializes MSDTC Connection Manager: OleTx Transports Protocol sessions by using Mutual Authentication,<8> as described in [MS-CMPO].

• No transaction remains In Doubt for a longer period of time than the application's higher-layer business logic accepts.

• An implementation has the option to further restrict its exposure to security vulnerabilities by initializing the LU Transactions Enabled flag, defined in section 3.2.1, to FALSE.<9>