Re: Is Strong Naming is Tamper-Proof?
From: William Stacey [MVP] (staceywREMOVE_at_mvps.org)
Date: 11/30/04
- Next message: Naveen: "RE: Load Testing Errors"
- Previous message: Rob Teixeira: "Re: Remoting security"
- In reply to: Michael Giagnocavo [MVP]: "Re: Is Strong Naming is Tamper-Proof?"
- Next in thread: Rahul Kumar: "Re: Is Strong Naming is Tamper-Proof?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Nov 2004 01:33:19 -0500
Nice little program too. I saw that couple days ago while trying to figure
out the same thing. Good articles too. Thanks.
Also, I think I read somewhere that SNs where not developed to provide assem
security per se, but to provide robust namespace (i.e. unique) for type
references/versions, etc.
-- William Stacey, MVP http://mvp.support.microsoft.com "Michael Giagnocavo [MVP]" <mggUNSPAM@atrevido.net> wrote in message news:OD2DIKZ1EHA.1860@TK2MSFTNGP15.phx.gbl... > Let me clarify -- it's not tamper proof against the user of a system, i.e., > the person it's trying to protect. If I want the runtime to run an assembly, > then it will run it, if I own the system. Basic law of security. > > I wrote up a small program to replace the strong name on a modified > assembly: > http://www.atrevido.net/blog/PermaLink.aspx?guid=f772c18a-f389-4c28-bd6a-a30f4ccc84f5 > > -- > Michael Giagnocavo > MVP > www.atrevido.net > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:eFiyYVI1EHA.1152@TK2MSFTNGP14.phx.gbl... > > How would you see strong naming preventing "someone sending you a > > malicious assembly" if it isn't tamper-proof? > > > > > > "Michael Giagnocavo [MVP]" <mggUNSPAM@atrevido.net> wrote in message > > news:ep6PHH%230EHA.3468@TK2MSFTNGP14.phx.gbl... > >> No, strong naming does not prevent the user of a system from tampering > >> with assemblies. Strong naming provides help with versioning, as well as > >> protection from assembly corruption (say, when downloading), or someone > >> sending you a malicious assembly. However, it won't prevent someone from > >> cracking your assembly or likewise. > >> > >> -- > >> Michael Giagnocavo > >> MVP > >> www.atrevido.net > >> > >>> "Gopalakrishnan" <Gopalakrishnan@discussions.microsoft.com> wrote in > >>> message > >>> news:3CAB6636-2096-488A-B6C1-8E92FFF3AB23@microsoft.com... > >>>> I read one article at CodeProject (www.CodeProject.com) where the > >>>> author > >>> was > >>>> telling how even Strong Named assemblies can be tampered with, by using > >>> the > >>>> IL code (generated from ILDASM). So, is Strong Naming really > >>>> tamper-proof? > >>>> -- > >>>> Warm Regards, > >>>> N.T.GOPALAKRISHNAN > >>>> > >>> > >>> > >> > >> > > > > > >
- Next message: Naveen: "RE: Load Testing Errors"
- Previous message: Rob Teixeira: "Re: Remoting security"
- In reply to: Michael Giagnocavo [MVP]: "Re: Is Strong Naming is Tamper-Proof?"
- Next in thread: Rahul Kumar: "Re: Is Strong Naming is Tamper-Proof?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
