Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
8  1275 
Hi Chad,
Take a look at your component's public interface to see what other code has
access to. There is something called a Luring attack where calling code
tries to get your code to do something on its behalf. If such potential
exists, you'll want to protect your code so that Administrators or a setup
program operating on the Administrator's behalf can set up appropriate
policy. Here's an article I wrote on CAS Policy: http://www.code-magazine.com/Article...uickid=0405031
As you probably know, there is much more in the MSDN Security Developer
Center: http://msdn.microsoft.com/security/
Joe
-- http://www.csharp-station.com
"Chad Myers" <cm****@N0.SP4M.austin.rr.com> wrote in message
news:2q***************@fe2.texas.rr.com... Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
Sorry to reply to my own post, but I had second thoughts about something in
the meantime. This was a simplified description that doesn't truly do
justice in the way of properly implementing security. The right thing to do
is to learn about how CAS works, and learn about how to do proper Threat
Modelling. Any shortcuts to get from point A to point B are better than
nothing, but you shouldn't have a false sense of security and you should
understand that your code could still be vulnerable.
Joe
"Joe Mayo" <jm***@nospamAtCSharpDashStation.com> wrote in message
news:eB**************@TK2MSFTNGP15.phx.gbl... Hi Chad,
Take a look at your component's public interface to see what other code
has access to. There is something called a Luring attack where calling code
tries to get your code to do something on its behalf. If such potential
exists, you'll want to protect your code so that Administrators or a setup
program operating on the Administrator's behalf can set up appropriate
policy. Here's an article I wrote on CAS Policy:
http://www.code-magazine.com/Article...uickid=0405031
As you probably know, there is much more in the MSDN Security Developer
Center:
http://msdn.microsoft.com/security/
Joe
--
http://www.csharp-station.com
"Chad Myers" <cm****@N0.SP4M.austin.rr.com> wrote in message
news:2q***************@fe2.texas.rr.com... Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
As with all security the issue is are you guarding a resource that requires protection? In you r cas it sounds as if you are.
So the next question is do I need to base this protection on *which principal (user)* is making the call? If so then windows/ACL based security comes in to play.
The next question is: does it matter which code calls your functionality directly or indirectly? In other words is there an issue with code of unknown origin accessing the resource just because it happens to be running with a certain user's credentials? If so, then CAS comes in to play.
CAS is an article (or several) to explain so i won't do it here. But if you have sepcific questions I'm sure we'll all try to answer them :-)
Regards
Richard Blewett - DevelopMentor http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<eg**************@TK2MSFTNGP12.phx.gbl>
Sorry to reply to my own post, but I had second thoughts about something in
the meantime. This was a simplified description that doesn't truly do
justice in the way of properly implementing security. The right thing to do
is to learn about how CAS works, and learn about how to do proper Threat
Modelling. Any shortcuts to get from point A to point B are better than
nothing, but you shouldn't have a false sense of security and you should
understand that your code could still be vulnerable.
Joe
"Joe Mayo" <jm***@nospamAtCSharpDashStation.com> wrote in message
news:eB**************@TK2MSFTNGP15.phx.gbl... Hi Chad,
Take a look at your component's public interface to see what other code
has access to. There is something called a Luring attack where calling code
tries to get your code to do something on its behalf. If such potential
exists, you'll want to protect your code so that Administrators or a setup
program operating on the Administrator's behalf can set up appropriate
policy. Here's an article I wrote on CAS Policy:
http://www.code-magazine.com/Article...uickid=0405031
As you probably know, there is much more in the MSDN Security Developer
Center:
http://msdn.microsoft.com/security/
Joe
--
http://www.csharp-station.com
"Chad Myers" <cm****@N0.SP4M.austin.rr.com> wrote in message
news:2q***************@fe2.texas.rr.com... Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system ( http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004
[microsoft.public.dotnet.languages.csharp]
Well, following are some comments from a dis-illusioned developer. We
had meeting with Microsoft last week dealing with topics nearly the same
as the one you are asking about. One of the attendees was a person on
the actual CLR team so he should know what he is talking about. One of
the aspects of CAS we wanted to get detailed about was protecting some
of our dlls from having the customer calling them. Things dealing with
passwords and account setups. We need it as a dll because we have a
suite of applications and they need to share the same code. Basically
the CLR guy told us that there was no way to protect our dlls if they
are installed on the customer machine and he has Administrator
privleges. A determined person could work around any CAS features we
would try to implement. Licensing was really the best way to do the
protection he said. CAS was basically designed to protect the owner of a
machine from external code being accessed not to protect from code
installed on the machine.
This knowledge really floored us. We are having to rethink our design.
Protecting some sub-components are a must for us. At this point we don't
know how to approach it. Might have to go back to good old C++ and the
old fasion ways of doing this protection. Sad, was hoping to relegate
C++ to lower level funtions like drivers.
Sorry if this disillusions you about CAS but that is the state i am in
right now.
Leon Lambert
Chad Myers wrote: Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
This is really an issue about communication. I don't think the purpose of CAS has been communicated by Microsoft very well over the years. People hear thats its the .NET security model and assume its all-encompasing, rather than one tool in a suite that wee need to secure our applications and machines from unwanted access. CAS is great because it gives us a tool we didn't have before but its not designed for the purpose you needed.
A|lthough I must admit, I'm not sure how going to C++ is going to help (or hinder for that matter)
Regards
Richard Blewett - DevelopMentor http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<Oc**************@tk2msftngp13.phx.gbl>
Well, following are some comments from a dis-illusioned developer. We
had meeting with Microsoft last week dealing with topics nearly the same
as the one you are asking about. One of the attendees was a person on
the actual CLR team so he should know what he is talking about. One of
the aspects of CAS we wanted to get detailed about was protecting some
of our dlls from having the customer calling them. Things dealing with
passwords and account setups. We need it as a dll because we have a
suite of applications and they need to share the same code. Basically
the CLR guy told us that there was no way to protect our dlls if they
are installed on the customer machine and he has Administrator
privleges. A determined person could work around any CAS features we
would try to implement. Licensing was really the best way to do the
protection he said. CAS was basically designed to protect the owner of a
machine from external code being accessed not to protect from code
installed on the machine.
This knowledge really floored us. We are having to rethink our design.
Protecting some sub-components are a must for us. At this point we don't
know how to approach it. Might have to go back to good old C++ and the
old fasion ways of doing this protection. Sad, was hoping to relegate
C++ to lower level funtions like drivers.
Sorry if this disillusions you about CAS but that is the state i am in
right now.
Leon Lambert
Chad Myers wrote: Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system ( http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004
[microsoft.public.dotnet.languages.csharp]
Leon Lambert wrote: Well, following are some comments from a dis-illusioned developer. We
had meeting with Microsoft last week dealing with topics nearly the same
as the one you are asking about. One of the attendees was a person on
the actual CLR team so he should know what he is talking about. One of
the aspects of CAS we wanted to get detailed about was protecting some
of our dlls from having the customer calling them. Things dealing with
passwords and account setups. We need it as a dll because we have a
suite of applications and they need to share the same code. Basically
the CLR guy told us that there was no way to protect our dlls if they
are installed on the customer machine and he has Administrator
privleges. A determined person could work around any CAS features we
would try to implement. Licensing was really the best way to do the
protection he said. CAS was basically designed to protect the owner of a
machine from external code being accessed not to protect from code
installed on the machine.
This knowledge really floored us. We are having to rethink our design.
Protecting some sub-components are a must for us. At this point we don't
know how to approach it. Might have to go back to good old C++ and the
old fasion ways of doing this protection. Sad, was hoping to relegate
C++ to lower level funtions like drivers.
I'm sorry to bother you with that, but a little bit of CS
knowledge never hurts ;-) MS *knows* that you cannot build
a system that would help you to hide/restrict code on
user's machine. It's a proven problem, so just *forget*
about it.
Sorry if this disillusions you about CAS but that is the state i am in
right now.
It's in the state it *has* to be: to protect *users* from
hostile and/or dumb developers.
bye
Rob
Leon Lambert
Chad Myers wrote:
Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
Joe Mayo and Richard Blewett, thank so much for your great replies!
I'm not so sure I need CAS. The API I'm developing is simply a data
access layer that allows other applications easy access to some basic
application services like cross-database data access, configuration,
logging, caching, etc.
It's basically a glorified SqlClient, ConfigurationSettings, and
log4net combination.
None of those components/classes/etc have CAS that I'm aware of. They
are enabling technologies rather than destinations.
It sounds like apps built ON TOP OF my library need to worry about CAS
because they're responsible for who has access to this resource
(database, primarily).
Most of the apps built using our foundation library will be web apps
which will use ASP.NET's authentication mechanism and I don't think
there's any chance for outside code to be introduced.
In light of this, do you think I need to worry about CAS? It sounds
like I don't. If SqlClient, DataSet/DataTable/DataRow and the like
don't use CAS, then I'm basically in the same boat and I don't have
to either, right?
Thanks again!
Sincerely,
Chad
"Richard Blewett [DevelopMentor]" <ri******@develop.com> wrote in message
news:eU**************@TK2MSFTNGP09.phx.gbl... As with all security the issue is are you guarding a resource that
requires protection? In you r cas it sounds as if you are.
So the next question is do I need to base this protection on *which
principal (user)* is making the call? If so then windows/ACL based security
comes in to play.
The next question is: does it matter which code calls your functionality
directly or indirectly? In other words is there an issue with code of
unknown origin accessing the resource just because it happens to be running
with a certain user's credentials? If so, then CAS comes in to play.
CAS is an article (or several) to explain so i won't do it here. But if
you have sepcific questions I'm sure we'll all try to answer them :-)
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<eg**************@TK2MSFTNGP12.phx.gbl>
Sorry to reply to my own post, but I had second thoughts about something
in the meantime. This was a simplified description that doesn't truly do
justice in the way of properly implementing security. The right thing to
do is to learn about how CAS works, and learn about how to do proper Threat
Modelling. Any shortcuts to get from point A to point B are better than
nothing, but you shouldn't have a false sense of security and you should
understand that your code could still be vulnerable.
Joe
"Joe Mayo" <jm***@nospamAtCSharpDashStation.com> wrote in message
news:eB**************@TK2MSFTNGP15.phx.gbl... > Hi Chad,
>
> Take a look at your component's public interface to see what other code
has > access to. There is something called a Luring attack where calling code
> tries to get your code to do something on its behalf. If such potential
> exists, you'll want to protect your code so that Administrators or a
setup > program operating on the Administrator's behalf can set up appropriate
> policy. Here's an article I wrote on CAS Policy:
>
> http://www.code-magazine.com/Article...uickid=0405031
>
> As you probably know, there is much more in the MSDN Security Developer
> Center:
>
> http://msdn.microsoft.com/security/
>
> Joe
> --
> http://www.csharp-station.com
>
> "Chad Myers" <cm****@N0.SP4M.austin.rr.com> wrote in message
> news:2q***************@fe2.texas.rr.com... > > Before I spend a lot of time reading about something
> > I might not need to use/worry about, can someone give me
> > the 5 second take on CAS?
> >
> > In general, when do I need to worry about it (what type of
> > apps in what types of environments)?
> >
> > I'm writing a data access API for a proprietary system. We're
> > shipping this API to customers who build apps on top of this
> > API/foundation library.
> >
> > What, if anything, should I be thinking about in terms of CAS?
> >
> > Thanks,
> > Chad
> >
> >
>
>
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004
[microsoft.public.dotnet.languages.csharp]
If you are tgeh gateway to the protected resource (one that has to be guarded from untrusted code calling it) then you need to worry about CAS. The SQLClient uses CAS, it issues a Demand for a DBDataPermission to ensure everyone in the call stack has the rights to access databases. Similarly Log4net can use files which means a FileStream. The FileStream issues a Demand for FileIOPermision. Both of these classes are gateways on to functionality.
Now the question is does your code add a value-added layer which needs its own securing. For example, would it be ok for code that does not normally have access to databases to be able to use your code and indirectly have access to the database. In this case you may choose to create your own permission type and issue a demand for it. Of course if you are access a database then you need to stop the stack walk for DBDataPermission. You can do this by issuing an Assert against that permission.
You need to be careful, however, once you issue an Assert you leave open the door to luring attacks (where an untrusted piece of code performs an action it shouldn't by leveraging a trusted piece of code in a way unforseen by the trusted code's author).
Regards
Richard Blewett - DevelopMentor http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<dH*****************@fe2.texas.rr.com>
Joe Mayo and Richard Blewett, thank so much for your great replies!
I'm not so sure I need CAS. The API I'm developing is simply a data
access layer that allows other applications easy access to some basic
application services like cross-database data access, configuration,
logging, caching, etc.
It's basically a glorified SqlClient, ConfigurationSettings, and
log4net combination.
None of those components/classes/etc have CAS that I'm aware of. They
are enabling technologies rather than destinations.
It sounds like apps built ON TOP OF my library need to worry about CAS
because they're responsible for who has access to this resource
(database, primarily).
Most of the apps built using our foundation library will be web apps
which will use ASP.NET's authentication mechanism and I don't think
there's any chance for outside code to be introduced.
In light of this, do you think I need to worry about CAS? It sounds
like I don't. If SqlClient, DataSet/DataTable/DataRow and the like
don't use CAS, then I'm basically in the same boat and I don't have
to either, right?
Thanks again!
Sincerely,
Chad
"Richard Blewett [DevelopMentor]" <ri******@develop.com> wrote in message
news:eU**************@TK2MSFTNGP09.phx.gbl... As with all security the issue is are you guarding a resource that
requires protection? In you r cas it sounds as if you are.
So the next question is do I need to base this protection on *which
principal (user)* is making the call? If so then windows/ACL based security
comes in to play.
The next question is: does it matter which code calls your functionality
directly or indirectly? In other words is there an issue with code of
unknown origin accessing the resource just because it happens to be running
with a certain user's credentials? If so, then CAS comes in to play.
CAS is an article (or several) to explain so i won't do it here. But if
you have sepcific questions I'm sure we'll all try to answer them :-)
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<eg**************@TK2MSFTNGP12.phx.gbl>
Sorry to reply to my own post, but I had second thoughts about something
in the meantime. This was a simplified description that doesn't truly do
justice in the way of properly implementing security. The right thing to
do is to learn about how CAS works, and learn about how to do proper Threat
Modelling. Any shortcuts to get from point A to point B are better than
nothing, but you shouldn't have a false sense of security and you should
understand that your code could still be vulnerable.
Joe
"Joe Mayo" <jm***@nospamAtCSharpDashStation.com> wrote in message
news:eB**************@TK2MSFTNGP15.phx.gbl... Hi Chad,
Take a look at your component's public interface to see what other code
has access to. There is something called a Luring attack where calling code
tries to get your code to do something on its behalf. If such potential
exists, you'll want to protect your code so that Administrators or a
setup program operating on the Administrator's behalf can set up appropriate
policy. Here's an article I wrote on CAS Policy:
http://www.code-magazine.com/Article...uickid=0405031
As you probably know, there is much more in the MSDN Security Developer
Center:
http://msdn.microsoft.com/security/
Joe
--
http://www.csharp-station.com
"Chad Myers" <cm****@N0.SP4M.austin.rr.com> wrote in message
news:2q***************@fe2.texas.rr.com... Before I spend a lot of time reading about something
I might not need to use/worry about, can someone give me
the 5 second take on CAS?
In general, when do I need to worry about it (what type of
apps in what types of environments)?
I'm writing a data access API for a proprietary system. We're
shipping this API to customers who build apps on top of this
API/foundation library.
What, if anything, should I be thinking about in terms of CAS?
Thanks,
Chad
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004
[microsoft.public.dotnet.languages.csharp]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system ( http://www.grisoft.com).
Version: 6.0.768 / Virus Database: 515 - Release Date: 22/09/2004
[microsoft.public.dotnet.languages.csharp] This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Nuno |
last post by:
Is there any SQL Error?
Or I have to use Select case in VB code to control SQL instead.
Thank you for any ans.
Nuno
|
by: elad |
last post by:
Hi
The Menu doesn't work properly when I have 2 frame and the Menu popup
frame=document target frame, when I choose item in
the menu the doc opened and the menu get stuck.
Here is the code...
|
by: Steven T. Hatton |
last post by:
In the following code, at what point is S::c fully defined?
#include <iostream>
using std::cout;
using std::endl;
using std::ostream;
class C {
int _v;
|
by: sql-db2-dba |
last post by:
Does DB2 just fudge it when it is an empty table? Is there a "formula"
for average row size when you have variable length records. Or you
really have to know what your application is packing into...
|
by: Nicolae Fieraru |
last post by:
Hi All,
I am trying to change the rowsource of a combobox when I click on it. I
played with many events, associated with the form and the combobox, but
still haven't figured out what is the way...
|
by: Peter Row |
last post by:
Hi,
I have created a UserControl which is subsequently hosted on a standard
form.
My control has a TabControl on it but it has no TabPages configured.
At runtime I create X pages and put a...
|
by: AAguiar |
last post by:
I have an asp.net project where the code behind the aspx page calls a c#
class which makes calls to a managed static C++ class.
The C# class works fine when the asp net worker process starts, when...
|
by: Galina |
last post by:
Hello
I have 6 dependent list boxes on my ASP page:
Faculty;
Lecturer;
Course;
Course occurrence;
Group;
Week commencing date.
When faculty is selected, lists of lecturers and...
|
by: Smokey Grindle |
last post by:
I have a list box on my form, but I need to databind it to a data table that
is a private member of the form's class... so I basically have
Public Class MyForm
priate m_MyTable as new datatable...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
