Hi all, I'm afraid this is the second posting of this information as I didn't get a response on the previous post. I will try to shorten my message (i.e. be more concise) in the hopes that it will make it easier for someone (i.e. a Microsoft person) to digest the information and respond to it. I am a C++ and Java developer with over 3 years of industry experience. I've written low level C++ code, in addition to web clients that use web services. I've just recently installed the Visual Studio .net Professional trial version 2003. I have been reading up various documents that discuss - "What is Microsoft .Net" and have found some enlightening information
I'm trying to write a paper on security and software development using Microsoft .Net. So far the most difficult aspect has been determining - what is Microsoft .NET?
--Questions-
1. What is included in the "set of software technologies" that are part of Microsoft .NET beyond the Microsoft .NET Framework. Specifically, I'm wondering if I speak to someone about Microsoft .NET does that include Microsoft Visual Studio .NET and other supportive technologies
2. If I write unmanaged C++ code in Microsoft Visual Studio .NET is it transformed/compiled into MSIL (intermediate language) and then Just-In-Time comiled using CLR into native code? If so, is the best way to look at the MSIL form of this code by using ildasm.exe? I notice when I comile C# code that there is a tempPE directory. Is this where the MSIL form of the C# program is stored temporarily? If so, can I force Visual Studio .NET to leave the file there after compilation
3. If I can find a security issue (i.e. one of the functions like printf in iostream provided by Visual Studio .NE
has a security flaw) in a C++ program (compiled using Visual Studio ..net) then does that mean that I have found a security flaw in .NET or is it just a security flaw in Microsoft's implementation of the printf function? I.E. are they one and the same
4. When I read this one .NET security document "Security in the Microsoft ..NET Environment" it indicated the framework had a variety of security mechanisms
Evidence-Based Security, Code Access Security, Role-Based Security, etc. Are these just features of using the libraries available in all of the languages that are compiled into MSIL (like C#, C++, ASP.NET, etc)? The document even went on to show a line of code (from I assume ASP.NET)
if (HTTPContext.IsCallerInRole("Admin"){...}
5. (a) If I compile a C++ program (that uses only managed code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(b) If I compile a C++ program (that uses only UNmanaged code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(c) Also, has the executable in (b) been generated using the JIT compiler in CLR
In summary, I want to clearly understand where .NET begins and ends. I want to know if I find a security related problem in some of the supporting libraries (i.e. iostream) of C++ that are found within Visual Studio .net have I found a .NET security flaw or is it just a security flaw in Microsoft's implementation of the iostream library for C++? Is the security framework I mentioned earlier available to all of the previously mentioned languages like C#, J#, ASP.NET, etc i
some form or another (due to their compilation to MSIL and subsequent JIT compile to native code)?
Thanks for any advice in this regard
Novice
1  3876 
"Novice" <6tc1@qlinkDOTqueensuDOTca> wrote in message
news:8B**********************************@microsof t.com... Hi all, I'm afraid this is the second posting of this information as I
didn't get a response on the previous post. I will try to shorten my
message (i.e. be more concise) in the hopes that it will make it easier for
someone (i.e. a Microsoft person) to digest the information and respond to
it. I am a C++ and Java developer with over 3 years of industry experience.
I've written low level C++ code, in addition to web clients that use web
services. I've just recently installed the Visual Studio .net Professional
trial version 2003. I have been reading up various documents that discuss -
"What is Microsoft .Net" and have found some enlightening information.
I'm trying to write a paper on security and software development using
Microsoft .Net. So far the most difficult aspect has been determining -
what is Microsoft .NET?
--Questions--
1. What is included in the "set of software technologies" that are part
of Microsoft .NET beyond the Microsoft .NET Framework. Specifically, I'm
wondering if I speak to someone about Microsoft .NET does that include
Microsoft Visual Studio .NET and other supportive technologies?
This is a tough question, mostly due to mistakes by MS marketing. I do not
belive any (major)products outside of Visual Studio still use the .NET
moniker.
2. If I write unmanaged C++ code in Microsoft Visual Studio .NET is it
transformed/compiled into MSIL (intermediate language) and then Just-In-Time
comiled using CLR into native code? If so, is the best way to look at the
MSIL form of this code by using ildasm.exe? I notice when I comile C# code
that there is a tempPE directory. Is this where the MSIL form of the C#
program is stored temporarily? If so, can I force Visual Studio .NET to
leave the file there after compilation?
Unmanaged C++ is not compiled to MSIL, its compiled to native code. As for
the tempPE directory, I don't know off hand waht that does, except that its
part of visual studio, not the compiler. I do not believe the c# compiler
generates an assembly file in any form. To examine MSIL, ildasm is your best
choise though. 3. If I can find a security issue (i.e. one of the functions like printf
in iostream provided by Visual Studio .NET has a security flaw) in a C++ program (compiled using Visual Studio ..net)
then does that mean that I have found a security flaw in .NET or is it just
a security flaw in Microsoft's implementation of the printf function? I.E.
are they one and the same?
That would be a bug in MS's printf function. .NET, as far as security goes,
would mostly be the framework classes. Unmanged C and STL\ATL classes are
not a portion of the framework(although bugs in them are important if you
are using managed C++). 4. When I read this one .NET security document "Security in the Microsoft
...NET Environment" it indicated the framework had a variety of security
mechanisms: Evidence-Based Security, Code Access Security, Role-Based Security, etc.
Are these just features of using the libraries available in all of the
languages that are compiled into MSIL (like C#, C++, ASP.NET, etc)? The
document even went on to show a line of code (from I assume ASP.NET): if (HTTPContext.IsCallerInRole("Admin"){...})
Code access and Evidence based security is enforced by the runtime, if
memory serves. So any app that runs in the system is restricted by them.
5. (a) If I compile a C++ program (that uses only managed code) using
Visual Studio .NET will that executable require the .NET framework to be
installed? I.E. if I send it to my friend on a different computer (same
OS), will he require the .NET framework to execute it.
Yes (b) If I compile a C++ program (that uses only UNmanaged code) using
Visual Studio .NET will that executable require the .NET framework to be
installed? I.E. if I send it to my friend on a different computer (same
OS), will he require the .NET framework to execute it.
No. (c) Also, has the executable in (b) been generated using the JIT
compiler in CLR?
No, it would be generated by the MS C++ compiler. In summary, I want to clearly understand where .NET begins and ends. I
want to know if I find a security related problem in some of the supporting
libraries (i.e. iostream) of C++ that are found within Visual Studio .net
have I found a .NET security flaw or is it just a security flaw in
Microsoft's implementation of the iostream library for C++? Is the security
framework I mentioned earlier available to all of the previously mentioned
languages like C#, J#, ASP.NET, etc in some form or another (due to their compilation to MSIL and subsequent JIT
compile to native code)?
Most of the compilation to native code shouldn't be reliant on the C library
or the STL, however the JIT does use these and *may* be vulnerable, however
proving that may not be easy.
Thanks for any advice in this regard,
Novice This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Joachim |
last post by:
I made some project changes (which seems it doesn't help if I undo) which
have created compilation error:
"
Server Error in '/PCSWebApp1' Application....
|
by: Tommy Vercetti |
last post by:
In Visual Studio .NET 2003, I do the following
1) File->New->Project
2) Visual C++ Projects->.NET->Windows Forms Application
3) Project->Add New Item->C++ File
4) Clear the new C++ file and...
|
by: Ganapathy |
last post by:
I have COM dll code written in VC 6.0. When i tried
compiling this code in VC 7, The MIDL cmpiler gets called
twice. i.e. it initially compiles fully & immediately a
line - 64 bit processing'...
|
by: Patrick Huffer |
last post by:
When I open a certain page, I receive a "Compilation Error" as
follows:
Compiler Error Message: CS0117: 'System.Web.UI.HtmlControls.HtmlForm'
does not
contain a definition for 'ValidateInput'...
|
by: Raterus |
last post by:
I'm just throwing this error out for my sanity, I've seen posts about this, but never solutions.
I'm using VS.NET 2003, Framework 1.1, and I'm getting a random error about every 1 out of 10 times...
|
by: Novice |
last post by:
Hi all, I'm afraid this is the second posting of this information as I didn't get a response on the previous post. I will try to shorten my message (i.e. be more concise) in the hopes that it will...
|
by: Arsalan Ahmad |
last post by:
Hi all,
I am trying to compile some source files using makefile. While compiling I
am getting errors as shown below. Any idea how can I solve this problem. I
believe I need to add some...
|
by: ftjonsson |
last post by:
hello,
I was wondering if anyone could tips me on what I am doing wrong when
writing the following code:
#include <iostream>
using namespace std;
int main ()
{
|
by: misu101 |
last post by:
Hi,
I have a VS 6 project and I am trying to compile it using VS 2005.
My program has the atlbase.h include which seems to trigger the errors.
It used to compile OK using VS 6.
The include...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
