Re: sn.exe -Vr assembly

From: Michel Gallant (neutron_at_istar.ca)
Date: 01/27/05

• Next message: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Previous message: Nicole Calinoiu: "Re: No touch install throwing FileLoadException Failed to grant required minimum permissions to assembly"
• In reply to: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Next in thread: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Reply: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 27 Jan 2005 08:21:22 -0500

Much of security is ALL about trust. Technology is such a small
part of it. You don't trust people developing/deploying your web apps
infrastructure? all bets are off!
Don't trust Verisign's ability to verify clients purchasing code-signing
certificates? or SSL certs?
Then never trust any signed or SSL sites again, of signed cab software updated blahhh ...

 - Mitch Gallant
   MVP Security

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:uWoOeAHBFHA.2788@TK2MSFTNGP15.phx.gbl...
> ""Shawn Farkas [MS]"" <shawnfa@online.microsoft.com> wrote in message
> news:getjnEzAFHA.3048@cpmsftngxa10.phx.gbl...
> > What this boils down to is that if you need to be sure that your exact
> > code
> > is being run, then you need to retain control over that code. One really
> > easy way to do that with .Net is to wrap your assembly in a web service,
> > and only ship to your clients the code that calls the web service.
>
> And what if you can't trust the folks who administer the web service
> environment? <gdr>
>

---

• Next message: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Previous message: Nicole Calinoiu: "Re: No touch install throwing FileLoadException Failed to grant required minimum permissions to assembly"
• In reply to: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Next in thread: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Reply: Nicole Calinoiu: "Re: sn.exe -Vr assembly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Least User Priviledges for Network Administrators ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ... (microsoft.public.windowsxp.security_admin) Re: That Old Anthrax Case ... trust anything that comes from the federal government anymore. ... to do with the anthrax mailings and sued the FBI, ... Apparantly security is rather lax and there are ... contractors who don't use such documentation. ... (soc.retirement) (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question ... If the code is running with full trust it can call RevertToSelfand change ... last year at OWASP (Open Web Application Security Project), ... > Ethical Hacking at the InfoSec Institute. ... > learn to write exploits and attack security infrastructure. ... (Pen-Test) Re: (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question ... However I am still unsure how an ASP.NET application, running in Full Trust, ... Each client of the server (say, each department of a company, or each ... Each website is placed into its own custom application pool ... Subject: RE: Apache VS IIS Security ... (Pen-Test) Re: [Full-disclosure] I give up, no more posts to Full-Disclosure and DailyDave about Full T ... when you happen to subscribe to more than one of the target lists. ... Microsoft and Sun. ... We were discussing the security ... advantages of Sandboxing (Partial Trust in .Net and Security Manager in ... (Full-Disclosure)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)