Re: assembly verification

From: Nicole Calinoiu (nicolec_at_somewhere.net)
Date: 07/28/04


Date: Wed, 28 Jul 2004 14:54:57 -0400

A strong name is used by the CLR to verify that an assembly's contents match
those at the time of its signing. It is meant to be a means of identifying
the kinds of changes you seem to be worried about (see, for example,
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconstrong-namedassemblies.asp).
However, this load-time verification can be disabled, which may or may not
be a problem in your "wild" environment.

As for the assemblies that are being loaded, what would define the criteria
for a "proper application"? Is there only one? If not, are they all
authored by you? If not, what other information could one of the loaded
assemblies use to determine if its caller is acceptable?

"DM" <darek@m-core.pl> wrote in message
news:d8c12246.0407270647.b32959c@posting.google.com...
> Hello.
>
> I'm about to write an application which would extensively
> use reflection and dynamic assembly loading.
> The application will operate in a rather wild environment,
> so I need some method which would let me verify that an assembly
> that I'm about to load is not altered or forged
> and vice versa - the assembly must have a means to check if
> it is activated by a "proper" application.
> Browsing through the web led me to assembly signing, but
> its purpose seems to be something else.
>
> Is there any method which could be used in such a case?
> I would like the verification process to be as simple as
> possible.
>
> Thank you for all suggestions.
>
> --
> DM
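
An added example, not part of the original thread: one way a host could check a plug-in assembly before loading it, so that the check still runs when load-time strong-name verification has been disabled on the machine. It assumes .NET Framework on Windows (where mscoree.dll exports StrongNameSignatureVerificationEx); PluginLoader, LoadVerified and the ExpectedToken bytes are hypothetical placeholders.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;

static class PluginLoader
{
    // Native strong-name API exported by mscoree.dll (.NET Framework, Windows).
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // Placeholder value: replace with the public key token of your own
    // signing key (shown by "sn -T YourAssembly.dll").
    static readonly byte[] ExpectedToken =
        { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };

    public static Assembly LoadVerified(string path)
    {
        // 1. Validate the signature with fForceVerification = true, so a
        //    skip-verification entry registered on this machine is ignored.
        bool wasVerified;
        bool ok = StrongNameSignatureVerificationEx(path, true, out wasVerified);
        if (!ok || !wasVerified)
            throw new SecurityException("Strong-name signature invalid: " + path);

        // 2. A valid signature only proves that *some* key signed the file.
        //    Pin the key: compare the token with the one we expect.
        byte[] token = AssemblyName.GetAssemblyName(path).GetPublicKeyToken();
        if (token == null || !token.SequenceEqual(ExpectedToken))
            throw new SecurityException("Unexpected public key token: " + path);

        // 3. Only now hand the file to the loader.
        return Assembly.LoadFrom(path);
    }
}
```

The file is read again by Assembly.LoadFrom after the checks, so the plug-in directory should not be writable by untrusted users. This covers only the host-verifies-plug-in direction, not the plug-in checking its caller.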


