Using a secret argument might be easy to capture (create a fake program of same name as your Fortran program to capture the command line arguments).

An alternative method could be to set bInheritHandles in SECURITY_ATTRIBUTES and then use a handle to something more obscure/difficult to discover. For example, a memory mapped file, a pipe, event, mutex, etc... any of which that you can construct your "secret handshake".

Jim Dempsey

Passing a timestamp (even coded) to the program and check that it's not too old may avoid basic hacking.

All depend on the cost/benefit balance.

We have a similar situation.  I know the outline of our solution, but not the details.

We digitally sign the main function call to Fortran using one of the standard digital signature algorithms.   We use two sources of data:

• parameters hard coded into the Fortran DLL - essentially a private key shared with C#.  I think we try to conceal the definition of it using TRANSFER but this is probably a waste of time
• values concealed in "unused" fields in Fortran subprogram array arguments.  These are initialized to random values and then selected bytes are set to contain the values of interest.  These are extracted and combined in Fortran.

Initially we extracted eights scattered bytes of interest, XORed four bytes with our "32-bit private key" and compared them to the other 4 bytes.  We just return an internal error if authentication fails.  EDIT: We now use a proper crypto algorithm.

I think we now generate the GUI data in C++ as we were concerned about the security of the C# application.