Re: Security Policy Confusion...
From: DT (anonymous_at_discussions.microsoft.com)
Date: 10/27/04
- Previous message: Mary Chipman: "Re: protecting .NET assemblies against hackers"
- In reply to: Nicole Calinoiu: "Re: Security Policy Confusion..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Oct 2004 07:03:57 -0700
Many thanks that's a great help
>-----Original Message-----
>Permissions granted by code groups within a policy level
are unioned, not
>intersected, by default. This means that your assembly
will be granted the
>sum of all permissions permitted within the policy
level, not the most
>restrictive permissions defined by any single group.
Since your assembly
>presumably meets the membership condition for at least
one other code group
>(most likely My_Computer_Zone or LocalIntranet_Zone), it
would be receiving
>the execution permission from that other group.
>
>To prevent permissions from other groups being granted
to assemblies that
>meet the membership conditions for your group, mark your
group as exclusive
>(see
>http://msdn.microsoft.com/library/en-
us/cpguide/html/cpconadministrationwithcodegroupattributes
.asp
>for details).
>
>For an overview of how the .NET Framework computes a
given assembly's
>permissions based on policy, see
>http://msdn.microsoft.com/library/en-
us/cpguide/html/cpconcomputingallowedpermissionset.asp.
>
>HTH,
>Nicole
>
>
>
>"DT" <dt@nospam.co.uk> wrote in message
>news:417ec11a$0$87823$65c69314@mercury.nildram.net...
>> Hi,
>>
>> In an effort to learn about the .NET security
settings I tried a simple
>> experiment. I created a noddy console application and
assigned it a
>> strong name. I then extracted the public key token
from the assembly.
>> This was all on my local disk. I then tried stop the
console application
>> be executed be giving it the permission set
of 'Nothing' using the .NET
>> configuration tool.
>>
>> Here are the steps I took
>>
>> 1) I created a new code group in the user code groups
section under all
>> code.
>> 2) I then set the condition type to 'Strong Name' and
supplied the token
>> from my assembly.
>> 3) I then set the permission set to 'Nothing'
>>
>> Once I'd completed this I tried to run the console
application again, and
>> it runs fine? I expected it to be denied execution
rights?
>>
>> Can anybody help me in making sense of my mistakes /
misunderstanding?
>>
>> Any url's to articles would be a great help!
>>
>> many thanks
>>
>> DT
>>
>>
>>
>
>
>.
>
- Previous message: Mary Chipman: "Re: protecting .NET assemblies against hackers"
- In reply to: Nicole Calinoiu: "Re: Security Policy Confusion..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
