Re: Concerns about exception string revealing internals/data about

From: "Ben Voigt" <rbv@xxxxxxxxxxxxx>
Date: Fri, 8 Sep 2006 08:10:01 -0500

"Greg Young" <druckdruckREMOVEgoose@xxxxxxxxxxx> wrote in message
news:OXGka9u0GHA.2636@xxxxxxxxxxxxxxxxxxxxxxx

Sorry in last post I meant an "unhandled" exception should never be shown
to a user

And this is still bad policy. If you can't find your assemblies, I want (at
least!) to know it's a "FileNotFoundException" so I can fire up filemon and
start tuning ACLs.

.

Follow-Ups:
- Re: Concerns about exception string revealing internals/data about
  - From: Greg Young

References:
- RE: Concerns about exception string revealing internals/data about
  - From: "Jeffrey Tan[MSFT]"
- RE: Concerns about exception string revealing internals/data about
  - From: John K
- Re: Concerns about exception string revealing internals/data about
  - From: Greg Young

Prev by Date: Re: Concerns about exception string revealing internals/data about
Next by Date: Re: Concerns about exception string revealing internals/data about
Previous by thread: Re: Concerns about exception string revealing internals/data about
Next by thread: Re: Concerns about exception string revealing internals/data about
Index(es):
- Date
- Thread

Relevant Pages

Re: HOWTO Install security with CASPOL for UserControls
... I stated that new assemblies would be added rapidly over ... It is possible to distribute policy modifications over a network by various ... grant additional permissions on top of existing custom policy, ... your controls) require unrestricted permissions on client machines. ...
(microsoft.public.dotnet.security)
Re: Locking down CAS policy
... there are the assemblies located that get dynamically generated by asp.net ... Dominick Baier, DevelopMentor ... the Machine Policy. ... And the only thing i did to that was remove the code groups other than ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Locking down CAS policy
... CAS policy has 3 levels - you are right that My_Computer in machine policy grants full trust - but there is another policy level called the appdomain level that is applied programmatically. ... You application doesn't even have enough permissions to read files (including assemblies) outside of the application directory ... put on the server that the app runs from, ... you shouldn't mock with the existing code groups - they grant the ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Assembly could not be installed because existing policy would keep it from being used
... safe assemblies. ... Assembly 'MyAssembly' could not be installed because existing policy ... policies and they all seem to allow execution. ...
(microsoft.public.sqlserver.security)
Re: Locking down CAS policy
... Dominick Baier, DevelopMentor ... CAS policy has 3 levels - you are right that My_Computer in machine ... read files (including assemblies) outside of the application ...
(microsoft.public.dotnet.framework.aspnet.security)