sn.exe -Vr assembly
From: Gecko (nada_at_nada.com)
Date: 01/20/05
- Next message: Gecko: "Re: CSP and Strong Name Key"
- Previous message: ALI-R: "How to Authenticate with a Webservice using Kerberos"
- Next in thread: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
- Reply: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Jan 2005 13:02:00 -0600
Is it possible for a hacker to run the strong name utility on a client
computer with the -Vr parameter to skip verification of *signed* assemblies
installed in the client computer rendering my whole strong name security
scenario useless?
Since most people are usually logged as Administrators, if I was a
disgruntled ex-employee and wanted to do some damage to my ex-employer, it
seems to me like if I could run the sn.exe utility on the client computer to
skip verification of the assemblies that I know my employer distributes and
replace them with my own and I could easily cause some good damage in the
name of my ex-employer.
I am still too new to this strong naming thing so forgive me if the question
is a silly one, thanks.
- Next message: Gecko: "Re: CSP and Strong Name Key"
- Previous message: ALI-R: "How to Authenticate with a Webservice using Kerberos"
- Next in thread: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
- Reply: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
