Re: Can I set security to be only strong-name based?
From: Peter Torr \(MS\) (ptorr_at_microsoft.com)
Date: 06/17/04
- Next message: Peter Torr \(MS\): "Re: Protecting Assembly Linkage"
- Previous message: Chris Kunicki: "Re: Protecting Assembly Linkage"
- In reply to: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Next in thread: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Reply: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 17 Jun 2004 09:58:04 -0700
"Stephen Bullen" <stephen@bmsltd.ie> wrote in message
news:VA.000001f1.00c76ffe@bmsltd.ie...
> I don't know <g>. I'm thinking of the 'Locked down PC' situation, where
> the
> user's working area is on a network (so it's automatically included in the
> network backup and disaster recovery etc). So if their 'My Documents' is
> actually mapped to a network path, is that 'My Computer' or
> 'LocalIntranet'?
Mapped drives are LocalIntranet... so you will need this (and thus at least
a 1-time admin installation phase... although you could use SMS / GP or
similar technology if you have it at your disposal).
> Which reminds me: Does VSTO stuff need FullTrust? I noticed that the
> policies
> VSTO itself creates are just Execute. What's the difference (in layman's
> terms
> <g>)?
Execution is "the right to execute" and nothing else -- basically you can
add 2+2 or find the length of a string, but you don't have permission to
display the result inside a MessageBox. It is perfectly acceptable for
helper libraries that do computation but no I/O of their own (eg, you could
imagine a helper library for Excel that did some kind of statistical
analysis; it wouldn't need anything other than the right to execute).
FullTrust is "the right to do anything the user can do," such as read and
write files, connect to remote machines over the network, display UI, make
their own security decisions, etc.
VSTO grants Execution to the project's folder so that any satellite
(resource) DLLs can be loaded, and any helper libraries used by the
application can execute (although they may fail with security errors if they
try to access the host OM or show UI or do other things). It explicitly
grants FullTrust to the main assembly of the solution though, since it is
REQUIRED for any code that talks to Office.
Peter
-- Please post questions to the newsgroup - everyone benefits. This post is provided "AS IS" with no warranties, and confers no rights Sample code subject to http://www.microsoft.com/info/cpyright.htm Office / Security / Random weblog -- http://weblogs.asp.net/ptorr
- Next message: Peter Torr \(MS\): "Re: Protecting Assembly Linkage"
- Previous message: Chris Kunicki: "Re: Protecting Assembly Linkage"
- In reply to: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Next in thread: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Reply: Stephen Bullen: "Re: Can I set security to be only strong-name based?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
