473,324 Members | 2,254 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

CAS - Do you think this is feasible?

The problem with trying to use CAS to do this on a machine that you don't control is that anyone with admin privilege on the machine can run

caspol -i off

and all your carefully crafted permissions and checks are ignored - on install you could have an encrypted value accessible somewhere that said what kind of version it was - there are issues with this in terms of key management and things like that though.

Regards

Richard Blewett - DevelopMentor

http://staff.develop.com/richardb/weblog

nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BB**********************************@microsoft.co m>

Hi there,

I had been thinking really hard.

I had a scenario and i am wondering anyone had experience this before.

I had to push out couple of dlls, example:

myframework.sdk.dll
myframework.os.dll

We had 100 partners around the world, and i am thinking that each partners
only requires certain features of the libraries we had.

We had 2 versions:

Just say the dll myframework.sdk.dll contains 10 functions

Professional - full access to all 10 functions
Academic - limits to 3 functions

well it still depends, sometimes we had to cater each partner to only access
to the necessary functions.

In order to make this happen:

1) I secure my dll code with CAS attributes, and each method had an
attributes on which assemblies which calls it.

2) There will be an abstraction layer, that calls this myframework.sdk.dll
and myframework.os.dll. I remember how sql server 2005 handles this with the
existence of xsd schemas.

people access --> master.dll (abstraction layer) --> myframework.sdk.dll and
my framework.os.dll

3) In order to high protective, master.dll is protected with dongle. Hmm, is
this the best way with using dongle? I know that under administration tool ,
.net framework 1.1 configuration, you can set something to secure the dll.

But what if the system admin of the partner, manipulate the settings, the
security to the dll is all gone.

Any idea who experiences this before?

But the problem i see here with CAS, to cater each client manually, i had to
modify each security settings manually, recompiles it. Is there any way, to
stop me from recompiling my dll, and on the fly set my security settings on
each method?

Maybe,

[Allowed("true")]
public int PrintStatus() {}

-auto trigger without recompile my dlls.

[Allowed("false")]
public int PrintStatus() {}

Hope someone can give some comments!
--
Regards,
Chua Wen Ching :)

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.760 / Virus Database: 509 - Release Date: 10/09/2004

[microsoft.public.dotnet.languages.csharp]
Nov 16 '05 #1
0 1159

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: John | last post by:
Hi We have an access desktop app with front-end/back-end situation where all tables are in the back end and everything else, forms/queries, are in the front end. We would like to make a web app...
23
by: JDeats | last post by:
Just spent some time browsing around here: http://msdn.microsoft.com/Longhorn/ I can see the benefits from WinFS (as long as we tag all in-coming data this should be nice, tagging everything...
3
by: Angel | last post by:
Hello again (and again, and again...) I think I'm getting closer to solving my initial problem of calling unmanaged code. I managed to call the functions with user-defined structs w/o getting any...
4
by: lcazarre | last post by:
I am by no means a serious programmer (which will become evident as you read this very message), except that I use VBA almost daily to automate Excel spreadsheets. I do enjoy programming however...
29
by: GhostInAK | last post by:
I'm seeing a terribly distubing number of questions that have no purpose in existing. As an example: How do I change the position of a stream? Hmm.. Could it be some method on the stream...
1
by: Google Questions | last post by:
After NorthKorean problem, do you find any similarities between your country and North Korea ? What did you teach your kid generation about how they should think about the world ? If you are...
6
by: Osiris | last post by:
Is the following intuitively feasible in Python: I have an array (I come from C) of identical objects, called sections. These sections have some feature, say a length, measured in mm, which is...
10
by: JonathanOrlev | last post by:
Hello everybody, I wrote this comment in another message of mine, but decided to post it again as a standalone message. I think that Microsoft's Office 2003 help system is horrible, probably...
2
by: rpgfan3233 | last post by:
In "A Modest Proposal: C++ Resyntaxed," Ben Werther and Damian Conway provided an altered C++ syntax; a syntax meant to be easier to understand. You can find the paper online in HTML format . If...
0
by: raylopez99 | last post by:
I ran afoul of this Compiler error CS1612 recently, when trying to modify a Point, which I had made have a property. It's pointless to do this (initially it will compile, but you'll run into...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.