Geeks With Blogs
Simon Cooper: Peering into the depths of .NET
May 2013 Entries
.NET Security Part 4
Finally, in this series, I am going to cover some of the security issues that can trip you up when using sandboxed appdomains.

DISCLAIMER: I am not a security expert, and this is by no means an exhaustive list. If you actually are writing security-critical code, then get a proper security audit of your code by a professional. The examples below are just illustrations of the sort of things that can go wrong.

1. AppDomainSetup.ApplicationBase

The most obvious one is the issue covered in the MSDN documentation ......

Posted On Tuesday, May 28, 2013 12:14 PM

.NET Security Part 3
You write a security-related application that allows addins to be used. These addins (as dlls) can be downloaded from anywhere, and, if allowed to run full-trust, could open a security hole in your application. So you want to restrict what the addin dlls can do, using a sandboxed appdomain, as explained in my previous posts. But there needs to be an interaction between the code running in the sandbox and the code that created the sandbox, so the sandboxed code can control or react to things that ......

Posted On Thursday, May 16, 2013 5:52 PM

.NET Security Part 2
So, how do you create partial-trust appdomains? Where do you come across them? There are two main situations in which your assembly runs as partially-trusted using the Microsoft .NET stack:

1. Creating a CLR assembly in SQL Server with anything other than the UNSAFE permission set. The permissions available in each permission set are given here.
2. Loading an assembly in ASP.NET in any trust level other than Full. Information on ASP.NET trust levels can be found here. You can configure the specific permissions ......

Posted On Tuesday, May 7, 2013 4:15 PM

.NET Security Part 1
Ever since the first version of .NET, it's been possible to strictly define the actions and resources a particular assembly can use, and, using Code Access Security, permissions to perform certain actions or access certain resources can be defined and modified in code. In .NET 4, the system was completely overhauled. Today, I'll be starting a look at what the security model is in .NET 4, how you use it, and what you can do with it.

Partial and full-trust assemblies

Most developers aren't affected ......

Posted On Thursday, May 2, 2013 5:51 PM
