Human error in .NET framework
From: Doman Maciejko (doman.is@home.se)
Date: 03/30/03
- Previous message: Erik Porter [.NET MVP]: "Re: how to allow only one concurrent login at a time on web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Doman Maciejko" <doman.is@home.se> Date: Sun, 30 Mar 2003 11:44:23 +0200
I have a question about the security in .NET in general.
As more I read about the security in .NET, the more I understand that the
code programmer and the local administrator have a very significant role.
It's up to the programmer to use the options that comes with permissions,
lock out permissions you don't need etc, in general make the assemblies as
specific for the purpose as possible, without loosing al flexibility. The
administrator will probably have to give specific permissions to specific
programs on the co-workers demand and have to adjust the security to the
demands they have, jeopardizing the security.
I don't mean that this is a new problem in general, but haven't the focus in
.NET on being a flexible platform made this problem more significant?
Metadata is supposed to give information to the code access security model,
to be a part in the security architecture in general. Is that the main
reason why Microsoft has focused so much at metadata, or is the flexibility
for the programmers in focus? How will the next step look like? Is this step
succesfull one? Or do we have to take a step backwards and start all over?
/Doman Maciejko
- Previous message: Erik Porter [.NET MVP]: "Re: how to allow only one concurrent login at a time on web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
