Hi all,
I have a few questions about restricting who may call an assembly I'm
building.
First, I have a business assembly on a web server, with Serializable
objects that use remoting to move themselves to a data server (which
also has a copy of the business layer, and a data layer assembly as
well). Assuming this assembly is strongly named, do I need to worry
about someone compromising the web server, decompiling my business
assembly and then making calls via remoting to the data server? I know
the public key token is part of the version number of the assembly, but
I've also heard that the token itself could be applied to a rogue
assembly?
Second, is it possible to force that a caller of my assembly be signed
with certain public keys? Would adding such a restriction work, or
would it be too easy to fake a public key (from a .NET or COM
assembly)?
Thanks
Andy