MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
BUT YOU CAN'T DO THIS EASILY.
EARTH WORM JIM
10  1180 
OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO THAT
THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES
"Earth Worm Jim" <sdd> wrote in message
news:ev**************@TK2MSFTNGP10.phx.gbl... MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
BUT YOU CAN'T DO THIS EASILY.
EARTH WORM JIM
"Earth Worm Jim" <sdd> wrote: MICROSOFT IF YOU WANT TO STOP
SECURITY LEAKS IN DEVELOPERS CODE
TRY MAKING THE DOCUMENTATION ON
HOW TO SECURE .NET APPLICATION
UNDERSTANDABLE, TRY WRITING IT IN
ENGLISH AND NOT JARGON.
Better still, why don't they write it in all capital letters?
P.
searching on "code security" in msdn found several high-level and
several overview documents (and step-by-step tutorials) on the
subject. is microsoft asking too much that you actually read an
article or two?
On Mon, 23 Feb 2004 17:37:18 -0000, "Earth Worm Jim" <sdd> wrote: OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO THAT
THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES
"Earth Worm Jim" <sdd> wrote in message
news:ev**************@TK2MSFTNGP10.phx.gbl... MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
BUT YOU CAN'T DO THIS EASILY.
EARTH WORM JIM
<G>
"Paul E Collins" <fi******************@CL4.org> wrote in message
news:c1**********@titan.btinternet.com... "Earth Worm Jim" <sdd> wrote:
MICROSOFT IF YOU WANT TO STOP
SECURITY LEAKS IN DEVELOPERS CODE
TRY MAKING THE DOCUMENTATION ON
HOW TO SECURE .NET APPLICATION
UNDERSTANDABLE, TRY WRITING IT IN
ENGLISH AND NOT JARGON.
Better still, why don't they write it in all capital letters?
P.
"Earth Worm Jim" <sdd> wrote in message
news:ev****************@TK2MSFTNGP10.phx.gbl... MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
Hmmm, are you telnetting into Windows from a Model 33 Teletype?
If so, impressive! http://www.secret-passage.com/line/capslock.html
"Earth Worm Jim" <sdd> wrote in message
news:ev**************@TK2MSFTNGP10.phx.gbl... MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
BUT YOU CAN'T DO THIS EASILY.
EARTH WORM JIM
Honestly, Todd, I must agree with Earthworm a bit....
There may be some great solutions but finding them is like searching for
platnum.
1.) Best way to protect intellectual property? And afford it?
2.) Best way to distribute and license and yet be able to update?
I have searched for some time and still don't have a good complete solution.
Shane
"ToddT" <NO********@SPAMmaritz.com> wrote in message
news:gf********************************@4ax.com... searching on "code security" in msdn found several high-level and
several overview documents (and step-by-step tutorials) on the
subject. is microsoft asking too much that you actually read an
article or two?
On Mon, 23 Feb 2004 17:37:18 -0000, "Earth Worm Jim" <sdd> wrote:
OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO THAT
THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES
"Earth Worm Jim" <sdd> wrote in message
news:ev**************@TK2MSFTNGP10.phx.gbl... MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY
MAKING THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.
ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
BUT YOU CAN'T DO THIS EASILY.
EARTH WORM JIM
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:ed**************@TK2MSFTNGP09.phx.gbl... Honestly, Todd, I must agree with Earthworm a bit....
There may be some great solutions but finding them is like searching for
platnum.
1.) Best way to protect intellectual property? And afford it?
That one is easy, there are two choices: keep it to yourself or write
immensly boring stuff(believe it or not, most protection is the latter, no
one simply cares). You can't protect intellectual property that you release.
You can sue, you can run massive campaigns against theft, and you'll *still*
have your property stolen. Obfusticate, use C++ and native code, sell your
software sealed in a chip...someone is still going to steal it if its
interesting. 2.) Best way to distribute and license and yet be able to update?
This one is difficult, and depends strongly on what you are doing. No single
platform offers much of a solution to this, and like above, licensing is
really just for the honest person, anyone who wants to steal your software
will, be it in C++ or .NET, your license can(and will) still be broken.
Best way to distribute depends heavily on the app. A small app is
downloadable, but if your app is 500 megs, then the best is bound to be cd
based. I have searched for some time and still don't have a good complete
solution.
Shane
"ToddT" <NO********@SPAMmaritz.com> wrote in message
news:gf********************************@4ax.com... searching on "code security" in msdn found several high-level and
several overview documents (and step-by-step tutorials) on the
subject. is microsoft asking too much that you actually read an
article or two?
On Mon, 23 Feb 2004 17:37:18 -0000, "Earth Worm Jim" <sdd> wrote:
>OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO
>THAT
>THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
>
>IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES
>
>
>"Earth Worm Jim" <sdd> wrote in message
>news:ev**************@TK2MSFTNGP10.phx.gbl...
>> MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING >> THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE,
>> TRY
>> WRITING IT IN ENGLISH AND NOT JARGON.
>>
>> ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN
>> ASSEMBLY
>> NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
>>
>> BUT YOU CAN'T DO THIS EASILY.
>>
>> EARTH WORM JIM
>>
>>
>
Agreed,
If anyone wants to crack it they will, but I don't want to put it out there
with no protection.
Some honest people won't go to warez. Others will.. I am looking at the
honest folks.
So small app--not counting the dotnet runtime--which is why I will
distribute the original on CD.
What is the best solution to keep the honest folks honest and still be able
to provide updates over the internet?
Thanks,
Shane
"Daniel O'Connell [C# MVP]" <onyxkirx@--NOSPAM--comcast.net> wrote in
message news:ub**************@tk2msftngp13.phx.gbl...
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:ed**************@TK2MSFTNGP09.phx.gbl... Honestly, Todd, I must agree with Earthworm a bit....
There may be some great solutions but finding them is like searching for
platnum.
1.) Best way to protect intellectual property? And afford it?
That one is easy, there are two choices: keep it to yourself or write
immensly boring stuff(believe it or not, most protection is the latter, no
one simply cares). You can't protect intellectual property that you
release. You can sue, you can run massive campaigns against theft, and you'll
*still* have your property stolen. Obfusticate, use C++ and native code, sell your
software sealed in a chip...someone is still going to steal it if its
interesting. 2.) Best way to distribute and license and yet be able to update?
This one is difficult, and depends strongly on what you are doing. No
single platform offers much of a solution to this, and like above, licensing is
really just for the honest person, anyone who wants to steal your software
will, be it in C++ or .NET, your license can(and will) still be broken.
Best way to distribute depends heavily on the app. A small app is
downloadable, but if your app is 500 megs, then the best is bound to be cd
based. I have searched for some time and still don't have a good complete
solution.
Shane
"ToddT" <NO********@SPAMmaritz.com> wrote in message
news:gf********************************@4ax.com... searching on "code security" in msdn found several high-level and
several overview documents (and step-by-step tutorials) on the
subject. is microsoft asking too much that you actually read an
article or two?
On Mon, 23 Feb 2004 17:37:18 -0000, "Earth Worm Jim" <sdd> wrote:
>OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO
>THAT
>THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
>
>IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID
EXAMPLES >
>
>"Earth Worm Jim" <sdd> wrote in message
>news:ev**************@TK2MSFTNGP10.phx.gbl...
>> MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY
MAKING >> THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE,
>> TRY
>> WRITING IT IN ENGLISH AND NOT JARGON.
>>
>> ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN
>> ASSEMBLY
>> NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
>>
>> BUT YOU CAN'T DO THIS EASILY.
>>
>> EARTH WORM JIM
>>
>>
>
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:uB*************@TK2MSFTNGP11.phx.gbl... Agreed,
If anyone wants to crack it they will, but I don't want to put it out
there
with no protection.
Some honest people won't go to warez. Others will.. I am looking at the
honest folks.
Actually, honest people don't steal, when they decided to steal there goes
their honesty, doesn't it now?
So small app--not counting the dotnet runtime--which is why I will
distribute the original on CD.
What is the best solution to keep the honest folks honest and still be
able
to provide updates over the internet?
Again, there isn't. Cracking a program isn't any more work for most people
beyond hitting a search engine, typing in the name and running a small
program. All native code may do is buy you a few hours more before that
search engine lists your app, and honestly it probably won't. Beyond that,
I'm not sure where updating comes in to the picture, as they are seperate
things.
Thanks,
Shane
"Daniel O'Connell [C# MVP]" <onyxkirx@--NOSPAM--comcast.net> wrote in
message news:ub**************@tk2msftngp13.phx.gbl...
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:ed**************@TK2MSFTNGP09.phx.gbl... > Honestly, Todd, I must agree with Earthworm a bit....
>
> There may be some great solutions but finding them is like searching
> for
> platnum.
>
> 1.) Best way to protect intellectual property? And afford it?
That one is easy, there are two choices: keep it to yourself or write
immensly boring stuff(believe it or not, most protection is the latter,
no
one simply cares). You can't protect intellectual property that you
release. You can sue, you can run massive campaigns against theft, and you'll
*still* have your property stolen. Obfusticate, use C++ and native code, sell
your
software sealed in a chip...someone is still going to steal it if its
interesting. > 2.) Best way to distribute and license and yet be able to update?
This one is difficult, and depends strongly on what you are doing. No
single platform offers much of a solution to this, and like above, licensing is
really just for the honest person, anyone who wants to steal your
software
will, be it in C++ or .NET, your license can(and will) still be broken.
Best way to distribute depends heavily on the app. A small app is
downloadable, but if your app is 500 megs, then the best is bound to be
cd
based. > I have searched for some time and still don't have a good complete
> solution.
>
> Shane
>
> "ToddT" <NO********@SPAMmaritz.com> wrote in message
> news:gf********************************@4ax.com...
>> searching on "code security" in msdn found several high-level and
>> several overview documents (and step-by-step tutorials) on the
>> subject. is microsoft asking too much that you actually read an
>> article or two?
>>
>>
>> On Mon, 23 Feb 2004 17:37:18 -0000, "Earth Worm Jim" <sdd> wrote:
>>
>> >OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO
>> >THAT
>> >THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.
>> >
>> >IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES >> >
>> >
>> >"Earth Worm Jim" <sdd> wrote in message
>> >news:ev**************@TK2MSFTNGP10.phx.gbl...
>> >> MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY
> MAKING
>> >> THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE,
>> >> TRY
>> >> WRITING IT IN ENGLISH AND NOT JARGON.
>> >>
>> >> ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN
>> >> ASSEMBLY
>> >> NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS
>> >>
>> >> BUT YOU CAN'T DO THIS EASILY.
>> >>
>> >> EARTH WORM JIM
>> >>
>> >>
>> >
>>
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: grahamd |
last post by:
Who are the appropriate people to report security problems to
in respect of a module included with the Python distribution?
I don't feel it appropriate to be reporting it on general mailing
lists.
|
by: Michael |
last post by:
I know how to display random jokes or sayings. But only if I reload
the page does the script select a new saying. How can I click on the
saying and have it load a new one in its place.
|
by: Ted Nicols |
last post by:
That's what I keep asking myself whenever develop in .NET. Is this a joke a
farse or just a bad dream?
..NET is slow, actually slow is just a polite word I can use in a newsgroup.
..NET is...
|
by: Matt Horsey |
last post by:
There are two men, an Englishmen and an Australian, wearing their
respective cricket uniforms, in the men's room. After finishing up, the
English man walks to the sink to wash up. The Aussie man...
|
by: Vic |
last post by:
Dear All,
I have been developing a small access database, but I am new to
security concepts with access. This is a multiuser database, I have a
table which will be written by various users...
|
by: Mike MacSween |
last post by:
S**t for brains strikes again!
Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data...
|
by: Chuck Insight |
last post by:
Hi All,
I have never tried to restrict what a person has access (Not Intended As A Joke) to. But my current class assignment requires that I present specialized switchboards to users based upon...
|
by: Skybuck Flying |
last post by:
Some coders don't need an obfuscator, they are the obfuscator.
Bye,
Skybuck =D
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
