Re: Code security newbie

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 07/25/03


Date: Fri, 25 Jul 2003 02:06:12 GMT


In the end, both accomplish the same task. Declarative security may be easier to use, since you don't have to create new objects, and demand them at run time. However, since the security demands you need are compiled in by the compiler, you cannot have any dynamic demands. For instance, if you want to demand File IO Permission for a directory that you won't know until runtime, you need to use Imperative security.

-Shawn

-- 
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm 
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.  
--------------------
>From: "Dave" <dave@dave>
>References: <uO6QaUCTDHA.940@TK2MSFTNGP11.phx.gbl> <LD$keaKTDHA.1924@cpmsftngxa06.phx.gbl> <OTdgyWMTDHA.1588@TK2MSFTNGP11.phx.gbl> <OK#0e#UTDHA.2316
@tk2msftngp13.phx.gbl> <WS$s0UVTDHA.1636@cpmsftngxa06.phx.gbl>
>Subject: Re: Code security newbie
>Date: Mon, 21 Jul 2003 11:43:19 +1000
>Lines: 170
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <##2GzlyTDHA.2264@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: 203-56-186-235.netspeed.com.au 203.56.186.235
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:2141
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>Hi Shawn,
>
>Your input is greatly appreciated.  What are the advantages of imperative
>versus declarative security?
>
>Cheers,
>
>Dave
>
>
>""Shawn Farkas [MS]"" <shawnfa@online.microsoft.com> wrote in message
>news:WS$s0UVTDHA.1636@cpmsftngxa06.phx.gbl...
>> This is true, there will be a built-in "link demand or" in the 1.2
>> release, however, this applies only to declarative security.  If you're
>> doing this imperatively (as I suggested), then you can work around it by
>> doing the following:
>>
>> public bool IsAllowedToRun()
>> {
>>     try
>>     {
>>         publicKeyOne.Demand();
>>     }
>>     catch(SecurityException)
>>     {
>>         try
>>         {
>>             publicKeyTwo.Demand();
>>         }
>>         catch(SecurityException)
>>         {
>>             return false;  // neither key was held
>>         }
>>     }
>>     return true; // at least one of the keys was held
>> }
>>
>> -Shawn
>> --------------------
>> >Reply-To: "Patrick Mac Kay" <pmackay@hotmail.com>
>> >From: "Patrick Mac Kay" <pmackay@hotmail.com>
>> >References: <uO6QaUCTDHA.940@TK2MSFTNGP11.phx.gbl>
><LD$keaKTDHA.1924@cpmsftngxa06.phx.gbl>
><OTdgyWMTDHA.1588@TK2MSFTNGP11.phx.gbl>
>> >Subject: Re: Code security newbie
>> >Date: Fri, 18 Jul 2003 13:17:34 -0400
>> >Lines: 91
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.3790.0
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Message-ID: <OK#0e#UTDHA.2316@tk2msftngp13.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.security
>> >NNTP-Posting-Host: 200.27.110.102
>> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:2124
>> >X-Tomcat-NG: microsoft.public.dotnet.security
>> >
>> >Hi,
>> >
>> >    with the 1.1 framework version, you can only allow 1 public key. With
>> >the 1.2 version, we (I have the same problem) can allow more than one
>> >public key, like using "or".
>> >
>> >Patrick.
>> >
>> >"Dave" <dave@dave> wrote in message
>> >news:OTdgyWMTDHA.1588@TK2MSFTNGP11.phx.gbl...
>> >> Hi Shawn,
>> >>
>> >> Thanks for your answer and I'll probably use strong names.
>> >>
>> >> How do you allow a method to be accessed by one of two public keys?
>> >>
>> >> Cheers,
>> >>
>> >> Dave
>> >>
>> >>
>> >> ""Shawn Farkas [MS]"" <shawnfa@online.microsoft.com> wrote in message
>> >> news:LD$keaKTDHA.1924@cpmsftngxa06.phx.gbl...
>> >> > Hi Dave,
>> >> >
>> >> > Strong names is probably your best bet.  You could generate a key that you want to give to third parties to sign their code with, which
>> >> > doesn't have to necessarily be the same key as the one that you use on your code.  Then inside your class libraries, you can create a
>> >> > StrongNameIdentityPermission based upon that key and demand it.
>> >> >
>> >> > -Shawn
>> >> >
>> >> > --------------------
>> >> > >From: "Dave" <dave@dave>
>> >> > >Subject: Code security newbie
>> >> > >Date: Thu, 17 Jul 2003 15:34:39 +1000
>> >> > >Lines: 17
>> >> > >X-Priority: 3
>> >> > >X-MSMail-Priority: Normal
>> >> > >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >> > >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >> > >Message-ID: <uO6QaUCTDHA.940@TK2MSFTNGP11.phx.gbl>
>> >> > >Newsgroups: microsoft.public.dotnet.security
>> >> > >NNTP-Posting-Host: 203-56-186-235.netspeed.com.au 203.56.186.235
>> >> > >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>> >> > >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:2090
>> >> > >X-Tomcat-NG: microsoft.public.dotnet.security
>> >> > >
>> >> > >Hi,
>> >> > >
>> >> > >I have a requirement to secure our various .Net business rules DLLs so they
>> >> > >can only be called from our GUI executable and another 3rd party product
>> >> > >developed with VisualAge Smalltalk.  Ideally I would like a configurable
>> >> > >solution so I can turn on and off access to each class and possibly method
>> >> > >in the various business rule DLLs.  Everything I've read indicates a public
>> >> > >key is a good way of securing code but this will give the 3rd party
>> >> > >carte-blanche access and doesn't give me any control.  The other problem
>> >> > >with public keys is I have no way of knowing if these will integrate with
>> >> > >Smalltalk.  Does anybody have any suggestions?
>> >> > >
>> >> > >Cheers,
>> >> > >
>> >> > >Dave
>> >> > >
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>> >
>>
>>
>
>
>
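
Added example, not part of the original thread and not code from any poster: the declarative/imperative distinction from the top reply, shown with FileIOPermission on the .NET Framework, where code access security is enforced. The class name ReportStore, the path C:\Reports and the method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public static class ReportStore
{
    // Hypothetical fixed location, known at compile time.
    private const string FixedDir = @"C:\Reports";

    // Declarative: the demand is stored as assembly metadata by the compiler,
    // so the path has to be a compile-time constant.
    [FileIOPermission(SecurityAction.Demand, Read = FixedDir)]
    public static string[] ListFixed()
    {
        return Directory.GetFiles(FixedDir);
    }

    // Imperative: the permission object is built at run time, so the
    // directory can come from configuration or from the caller.
    public static string[] ListDynamic(string directory)
    {
        // FileIOPermission requires an absolute path.
        string fullPath = Path.GetFullPath(directory);

        // Walks the call stack; throws SecurityException if any caller
        // lacks read access to this directory.
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();

        return Directory.GetFiles(fullPath);
    }

    public static void Main(string[] args)
    {
        // The directory is not known until the program runs.
        string dir = args.Length > 0 ? args[0] : Environment.CurrentDirectory;
        try
        {
            Console.WriteLine("{0} file(s) in {1}", ListDynamic(dir).Length, dir);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Read access denied by policy: " + ex.Message);
        }
    }
}
```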

