Re: Marshal class and security

From: Crirus (Crirus_at_datagroup.ro)
Date: 10/27/03

• Next message: Jeff Benson: "Re: Enabling Access to Private Fields"
• Previous message: Jason Garland \(Secure Access Pty Ltd\): "CASPOL & Scripting ?"
• In reply to: Pieter Philippaerts: "Re: Marshal class and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 27 Oct 2003 13:23:20 +0200

My thoughts exactly...I'm frustrated by this GDI+ limitations.... I dont
have some transparence routines like MaskBlt of GDI
And the other ways are too slow without memory acces with Marshal

Thanks, anyway

Crirus

"Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
news:eATHMYpmDHA.744@tk2msftngp13.phx.gbl...
> "Crirus" <Crirus@datagroup.ro> wrote in message
> > I need to make a internet ActiveX.
> > I have to use Marshal class to make some bitmap manipulations work
faster.
> > What security I need in order to make it work?
>
> The methods of the Marshal class require the UnmanagedCode security
> permission. This is a permission that a program run from disk has, but a
> program run from a website generally doesn't have [unless the
administrators
> are insane ;-)].
>
> > CAn someone give me some short descriptions of each implication of a
> > security issue in my case?
>
> Giving an application the UnmanagedCode permission means that it can call
> into native DLLs and thereby completely avoid the .NET security model.
This
> effectively means that the application gets out of its .NET sandbox and
> can -for instance- delete all the user's files.
> This is something you wish to avoid when running an application from a
> website, so the default setting is that web applications do not have this
> permission.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>

---

• Next message: Jeff Benson: "Re: Enabling Access to Private Fields"
• Previous message: Jason Garland \(Secure Access Pty Ltd\): "CASPOL & Scripting ?"
• In reply to: Pieter Philippaerts: "Re: Marshal class and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Marshal class and security ... > I have to use Marshal class to make some bitmap manipulations work faster. ... The methods of the Marshal class require the UnmanagedCode security ... This is a permission that a program run from disk has, ... (microsoft.public.dotnet.security) Re: API Call vs Security ... >case from gdi), Me or the user of the application, need to configure some ... >security issue? ... You need permission to call unmanaged code, ... (microsoft.public.dotnet.framework.interop) Re: Server Reports empty ... Security Exception ... To grant this application the required permission ... The server will start to collect new counter value from ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Code Access Security, Evidence Based Security, Code Access Permission, Role Based Permission, et ... confused on the relationship between Code Access Security, Evidence Based ... Security, Code Access Permission, Role Based Permission, Declarative and ... user running it (if this is true, then only the Identity Permission Code ... (microsoft.public.dotnet.security) RE: Do all three permission classes (Identity Permission, Code Access Permission and Role Based Perm ... That is correct -- the inputs to CAS for each assembly are that assembly's evidence and the current security policy. ... classify them as a code access permission and an identity permission, since StrongNameIdentityPermission is also a code access security ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2003-10