Re: Role-based-Security... just switch it off
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 18 Dec 2006 14:46:18 +0000 (UTC)
Hi,
well - you can only do a caspol -s off if you are an administrator. Users with administrative privileges can do everything to your system or your application.
Besides that you can check if SecurityManager.SecurityEnabled is true.
-----
Dominick Baier (http://www.leastprivilege.com)
Hi all,
I am trying to implement role based security in my C# program (define
generic user, define roles and a generic principal during startup of
the program).
With "[PrincipalPermission(SecurityAction.Demand, Name=@"xxx",
Role=@"yyy")]" I am trying to protect some areas of the code.
A good example is the role "Teller1000$" and "Teller1Mio$". The first
guy is allowed to do transactions up to 1000$, the second guy up to
1Mio.
It is crutial that these demands are enforced.
But if I open a command line and type "caspol -security off" everybody
is allowed to do everything!!!!!!
What is an elegant way to make sure, that my security policies cannot
be switched off?
Are there other ways to go around role based security which i have
close?
thanks a lot
Daniel
.
- References:
- Role-based-Security... just switch it off
- From: Daniel
- Role-based-Security... just switch it off
- Prev by Date: Re: GetOwner and IdentityNotMappedException
- Next by Date: Re: Role-based-Security... just switch it off
- Previous by thread: Role-based-Security... just switch it off
- Next by thread: Re: Role-based-Security... just switch it off
- Index(es):
Relevant Pages
|
