Hi all,
I am creating an assembly that will access a database to return record
details.
I need to deploy it to a 3rd Party and they will then be able to use
the assembly in their code to access the methods contained within the
assembly. As this assembly will effectively access the database then I
need to provide some security to stop unwanted access.
I am confused. If I deploy this assembly with a strong name and a
public key what will stop another user copying the assembly and
accessing it themselves using say reflection? I am slightly unsure what
I will need to provide the 3rd party with to allow them access to the
assembly and what I will need to do with the assembly to stop "anybody"
accessing it?
Could somebody please offer some advice please?
Thanks in advance
Jimski
1  1453 
Strong naming and the GAC give you some assurances, but not all of the
ones you're after, so I think you'll need more than just a strong name.
First of all, a strong name helps out with versioning, so if you're
deploying to a third party then you should definitely use strong
naming. That way if you release v2.0 of your code and the third party's
application depends upon v1.0, it won't break the contract, at least.
(The data is a whole other question, of course.)
The second thing that a strong name gives you is assurance that nobody
else can hack your code, alter it, and pass it off as your oroginal
DLL. Insert a trojan, for example.
However, it's still a DLL, and anyone can call it. I'm sure that there
are schemes for preventing unauthorized access. (Have to unlock the DLL
with a password, or some other such thing?) I've never tried doing it,
though, so someone else will have to comment on best practices.
Have you tried asking in / looking in microsoft.publi c.dotnet.securi ty?
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: |
last post by:
Hi,
I have some questions regarding security in .NET.
For customers, I have made an application in C#; an exe and some dlls.
- to prevent user from using my dlls directly, a good solution seems to use
strong name. It works fine in samples but I have problems to integrate
strong name when dll have external references like Interop.SHDocVw...and in
this case AllowPartiallyTrustedCallersAttribute doesn't work...
Is there a solution ?
|
by: Mike MacSween |
last post by:
S**t for brains strikes again!
Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data and some who couldn't but that it wasn't important right now.
And I said, 'sure, we can do that later'.
So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!
|
by: Marina |
last post by:
Hi,
I am trying to find the minimum security settings to allow a windows control
embedded in IE have full trust.
If I give the entire Intranet zone full trust, this works. However, this is
very broad and gives the entire zone high privleges.
I tried giving just the assembly full trust (using the full URL for the
DLL), but this doesn't seem to work.
|
by: Anil Kripalani |
last post by:
I have a .NET Windows Forms application that I launch from a web browser.
The user clicks an HTTP link from an ASP.NET page that launches a .NET exe
(All .NET 1.1). The application runs fine so long as I change the IIS
virtual root "Execute Permissions" to "Scripts and Executables". Under
those circumstances however, when the application exits, I get the error:
CGI Error
The specified CGI application misbehaved by not returning a...
|
by: James |
last post by:
I have a VB windows forms application that accesses a Microsoft Access
database that has been secured using user-level security. The
application is being deployed using No-Touch deployment. The objective
in utilizing this new deployment method is to reduce the maintenance
overhead as well as making it easier for my users to setup and run the
application initially. I have VS 2002, Windows XP, Access XP(2000
format).
He is my problem....
| | |
by: James |
last post by:
I have a VB windows forms application that accesses a Microsoft Access
database that has been secured using user-level security. The
application is being deployed using No-Touch deployment. The objective
in utilizing this new deployment method is to reduce the maintenance
overhead as well as making it easier for my users to setup and run the
application initially. I have VS 2002, Windows XP, Access XP(2000
format).
He is my problem....
|
by: Bruce Wood |
last post by:
I still haven't gotten through the .NET Framework Security tome on my
desk. Maybe the folks here can answer a burning question.
I want to use strong naming at our organization as a security measure:
we could then indicate that any assemblies we signed are fully trusted,
and so deploy centrally rather than having to deploy on each server.
However, we still want to deploy by copying each app to a separate
deployment directory, rather...
|
by: Sergio E. |
last post by:
Hello,
I have a problem with masterpages and forms security.
I made a new Web site, in which I have my page of login like of beginning, a
master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.
|
by: Sergio E. |
last post by:
Hello,
I have a problem with masterpages and forms security.
I made a new Web site, in which I have my page login.aspx as the homepage ,
a master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.
In the page redirected from login there are a label and a combo (dropdown)
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
