.NET Framework Question

If you think that program run by you can format HD, why don't you try it
from the command line:
format c:
It would be exactly the same.

Hello,

That is quite a simple, but very good example.

One of the main principals of the .net framework is security, which to be
honest, has been needed for years.

To create an application in .net and expect it to run on every machine is a
very silly mistake to make and you will quickly find yourself running into
issues.

The basic principal is simply, if code has not been trusted, it wont run and
thats it in laymens terms.

So if you try to run a peice of software wrote in .net over the network, you
may find it wont work,because it has not been trusted on the local computer.

Regards

Scott Blood
C# Developer

"PiotrKolodziej" <pi*************@gmail.com> wrote in message
news:75**************************@news.chello.pl.. .

If you think that program run by you can format HD, why don't you try it
from the command line:
format c:
It would be exactly the same.

Oh i see so its like the thing you see when you're installing applets
accross the internet and it asks if you trust the source... that's how
it differentiates malicious code from non malicious, if the user is
willing to click the 'i trust this' button!

thanks now I see what it means by malicious code

:)

<ga********@myway.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...

Oh i see so its like the thing you see when you're installing applets
accross the internet and it asks if you trust the source... that's how
it differentiates malicious code from non malicious, if the user is
willing to click the 'i trust this' button!

thanks now I see what it means by malicious code

Not entirely, but close. By providing fairly fine grained access control
over alot of features, the runtime offers levels of trust. Code run from the
internet, for example, probably will not have read/write access to the
registry or file system(other than isolated storage) or be capable of
calling into Win32 directly or accessing memory or what have you. This keeps
untrusted code from doing very bad things.

The trust system expands to the application level as well. A program that
uses plugins can, if written properly, restrict what the plugins are
permitted to do, programs that use .NET based scripts\macro's could restrict
the feature set macro's are permitted to have, and so on.

Still, this doesn't save you entirely. A user who is willing to move the
application into a more trusted zone will still run risks. It is a step, but
the user has to be careful too.

Hello,

As Daniel said, the levels of security within the framework, extend way past
what win32 offered us.

The plugin example is a very good one and is probably one of the reasons he
is an MVP.

If you create a simple application then ammends a registry entry and then
places a file on the users computer, depending on the trust levels
associated with the assembly or application, will depend on whether or not
these functions fail.

It is really your responsibility as a developer to ensure that the
application is wrote in a way, that hides the user from these complexities
and ensures that code being run will be allowed to run so that the user
dosn't receieve error messages that they may not understand or really want
to understand.

Regards
Scott Blood
C# Developer

"Daniel O'Connell [C# MVP]" <onyxkirx@--NOSPAM--comcast.net> wrote in
message news:eD**************@TK2MSFTNGP11.phx.gbl...

<ga********@myway.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...

Oh i see so its like the thing you see when you're installing applets
accross the internet and it asks if you trust the source... that's how
it differentiates malicious code from non malicious, if the user is
willing to click the 'i trust this' button!

thanks now I see what it means by malicious code

Not entirely, but close. By providing fairly fine grained access control
over alot of features, the runtime offers levels of trust. Code run from
the internet, for example, probably will not have read/write access to the
registry or file system(other than isolated storage) or be capable of
calling into Win32 directly or accessing memory or what have you. This
keeps untrusted code from doing very bad things.

The trust system expands to the application level as well. A program that
uses plugins can, if written properly, restrict what the plugins are
permitted to do, programs that use .NET based scripts\macro's could
restrict the feature set macro's are permitted to have, and so on.

Still, this doesn't save you entirely. A user who is willing to move the
application into a more trusted zone will still run risks. It is a step,
but the user has to be careful too.

ga********@myway.com wrote:

I'm reading up on Visual C# and chapter 14 is introducing me to the
.net framework...

I'm a little curios it says that one of the function of the CLR is to
protect users from malicious code...

Q. How does it do that?

May be a good read:
http://www.awprofessional.com/articl...&seqNum=3&rl=1