Re: .NET Security
- From: Mike <unknown@xxxxxxxxxx>
- Date: Tue, 02 Jun 2009 01:29:33 -0400
Jack, these links are proving to be useful:
The Simple Sandboxing API
http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx
And I haven't read it all yet, but 4.0 supposedly makes all is work like native code one again with the EXE controlling what security is used.
So it seems like we are coming to a full circle. :-)
--
Mike wrote:
Jack Jackson wrote:.
As far as I know your two choices are:>
1. Run caspol on each workstation, which changes the security for
everything on the share, not just your program. I do not know other
implications of this.
2. Install .NET 3.5 SP1. Your app does not have to target 3.5, this
service pack changes the security rules for all 2.0 and higher apps to
allow them to run from network shares.
Does it relax it? I might have heard wrong, but for VS 2010, Microsoft has reverted or done something so that this isn't so unpredictable or the developer has more precise control. Not sure since I am catching up to all this. I'll read up more on the security rules patch. This comment in MSDN was very puzzling and concerning:
Partial Trust
...
What is not allowed in partial trust? That is not easy to
determine. Each class and each method of each class in the .NET
Framework has a security attribute that defines the level of
trust needed to run that method, and that attribute may not be
accessible at run time because of just these security features.
I hope MS makes this a non-issue to help minimize any exploitation caused by the frustrations of developers and users lowering their guards because they can't get anything done or isn't straight forward - my security hat opinion.
What I did just now was to use MSCORCFG.MSC to alter the local intranet setting. This change will be great for internal development and testing but of course, I can't tell customers to do this. So I would like to be able to sandbox our own customer trusted apps.
The problem seems to be that while I can change the permission for the EXE and our DLL, I haven't figure out how to change all the dependencies (the partial trust issue above).
I did see I can create my own Code Group but have not seen yet how to apply it to the applications and dll, i.e, how do you assign it to the application or assembly? This appears as the sandbox solution I need to figure out.
This MSDN C# example on how to System.Security.Permissions programmatically did not work for me:
http://msdn.microsoft.com/en-us/library/aa288469(VS.71).aspx#vcwlksecuritytutorialsuppressingsecurity
until I added full trust to the Local Intranet setting via MSCORCFG.MSC which of course, made those commands useless.
It seems to be a chicken and egg thing. You need to start an application on a local drive, then change the permission and change directory to a shared drive and continue the process. :-)
Thanks for your input.
--
- Follow-Ups:
- Re: .NET Security
- From: Mike
- Re: .NET Security
- References:
- .NET Security
- From: Mike
- Re: .NET Security
- From: Mike
- Re: .NET Security
- From: Jack Jackson
- Re: .NET Security
- From: Mike
- .NET Security
- Prev by Date: Re: Is this normal Listbox behavior?
- Next by Date: Treeview windowstate save and restore
- Previous by thread: Re: .NET Security
- Next by thread: Re: .NET Security
- Index(es):
Relevant Pages
|
