RE: Questions on deploying apps on a file server

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 01/28/04

• Next message: Simon Green: "Java can do it ... why not .NET ?"
• Previous message: Shawn Farkas: "RE: Security error when running .NET user control in IE"
• In reply to: Shannon Broskie: "Questions on deploying apps on a file server"
• Next in thread: Shannon Broskie: "Re: Questions on deploying apps on a file server"
• Reply: Shannon Broskie: "Re: Questions on deploying apps on a file server"
• Reply: Michel Gallant: "Re: Questions on deploying apps on a file server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 28 Jan 2004 19:54:50 GMT

Rather than signing with a Verisign certificate, you can sign with a keypair that you create with the sn tool. Then you can give FullTrust to any
assembly signed with that private key, and your applications will be able to run off of the file server with no problem. Here are some more details:

http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>From: "Shannon Broskie" <shannonbroskie@tagfolio.com>
>Subject: Questions on deploying apps on a file server
>Date: Wed, 28 Jan 2004 08:59:14 -0500
>Lines: 41
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <u3Q15ba5DHA.2496@TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: cerberus.tagfolio.com 24.75.133.186
>Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!
TK2MSFTNGP09.phx.gbl
>Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.security:4656
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>-- Our current setup --
>We keep our apps centralized on a file server and our users simply run them
>from there using shortcuts on their desktop.  Being that we use Delphi, we
>do not have OCX/ActiveX controls or anything else needing to be set up on
>the local computer.
>
>Upon experimenting with .NET, we've run into security issues running apps
>from a file server.
>
>What are some suggestions for getting around this?  We would prefer not to
>have to run any type of setup on the local machine including
>assembly/application registration.  We're talking about a ton of computers,
>and the possibility of a new exe being rolled out in the middle of the day.
>
>** Keep in mind, setting up the applications on the local machine is not an
>option. **
>
>Aside from setting all code to fulltrust (I don't think so), the only other
>option we've come up with is basing our code off of signing our assemblies
>(publisher verification).  If this is the best option, we have some other
>questions...
>- We have a Verisign certificate for our secure website, is this good
>enough?
>- If we used this certificate, would our machines try to bounce up against
>Verisign everytime we launched an app?
>If it does verify, this is not an option as the apps need to work when the
>Internet connection is down.
>- When this certificate expires, would we need to recompile our programs
>with a new certificate?
>
>-- Is there a way to create an 'in house' certificate that does not expire?
>MakeCert creates certs for 'testing purposes only'.  Is this good enough for
>a permanent solution?
>
>Thanks for your input.
>
>-- 
>Shannon
>Richmond, VA
>
>
>

---

• Next message: Simon Green: "Java can do it ... why not .NET ?"
• Previous message: Shawn Farkas: "RE: Security error when running .NET user control in IE"
• In reply to: Shannon Broskie: "Questions on deploying apps on a file server"
• Next in thread: Shannon Broskie: "Re: Questions on deploying apps on a file server"
• Reply: Shannon Broskie: "Re: Questions on deploying apps on a file server"
• Reply: Michel Gallant: "Re: Questions on deploying apps on a file server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Access DEveloper Extensions 2003 ... distribution of run time 2003 apps? ... >>come from a Root Authority, i.e., Verisign or Thawte. ... >certificate as a root certificate in the client OS. ... > Microsoft Access Links, Hints, Tips & Accounting ... (microsoft.public.access.devtoolkits) Re: Prevent Acc 2003 JET Security Warning for MDE ... Sorry for the delay in getting back to you, Chris, I was ill for a few days ... resign the same app or sign different apps with the same certificate. ... GlobalSign digital certificate is a forgery and should be deleted without ... (microsoft.public.access.setupconfig) Questions on deploying apps on a file server ... We keep our apps centralized on a file server and our users simply run them ... have to run any type of setup on the local machine including ... If we used this certificate, would our machines try to bounce up against ... (microsoft.public.dotnet.security) Re: Java Web Start ... that is just a certificate for apps I wrote. ... Coaching, problem solving, economical contract programming. ... (comp.lang.java.programmer) Re: Questions on deploying apps on a file server ... to run off of the file server with no problem. ... >>We keep our apps centralized on a file server and our users simply run ... >>option we've come up with is basing our code off of signing our ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-01