473,386 Members | 1,674 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > code access security

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Code Access Security

I don't think I have understood the concept of Code Access Security in
Dotnet fully.
1) I simply can't appreciate the method - *Permission.Assert that asserts
the 'right' and bypasses the security policy !! Wouldn't this make the
security policy redundant? (as any untrusted code can simply assert the
right and continue!!)

2) I have tried to change the Permission Set for All_Code code group to use
'Everything' but my code (which is a very basic dotnet windows application)
doesn't run. I have to revert to 'Full Trust'. I would imagine 'Full Trust'
to be same as granting unrestricted access to all protectable resources
(which is basically 'Everything') but it doesn't seem so.

3) Also I have found that any changes made to Enterprise or Machine level
policies don't take effect, I have to always change the User Level one. But
the documentation says the final Permission Set is an 'Intersection' of all
three levels !!

I am sure I am missing something... anybody shed some light on the issues ?

Nov 22 '05 #1
2 1439
> 1) I simply can't appreciate the method - *Permission.Assert that asserts
the 'right' and bypasses the security policy !! Wouldn't this make the
security policy redundant? (as any untrusted code can simply assert the
right and continue!!)


If the code doesn't have the permission, it can't assert it. Assert is used
in a trusted library that's going to perform a high-permission action (for
instance, System.IO.File calls native code somewhere to actually touch the
disk. BUT, it asserts before doing so, so your code only needs FileIO
permissions).

-mike
MVP
Nov 22 '05 #2
> 1) I simply can't appreciate the method - *Permission.Assert that asserts
the 'right' and bypasses the security policy !! Wouldn't this make the
security policy redundant? (as any untrusted code can simply assert the
right and continue!!)


If the code doesn't have the permission, it can't assert it. Assert is used
in a trusted library that's going to perform a high-permission action (for
instance, System.IO.File calls native code somewhere to actually touch the
disk. BUT, it asserts before doing so, so your code only needs FileIO
permissions).

-mike
MVP
Nov 22 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
How to Identify Permissions for SQL Server Tables & Stored Proc. via VB Code
by: Brad H McCollum | last post by:
I'm writing an application using VB 6.0 as the front-end GUI, and the MSDE version of SQL Server as the back-end (it's a program for a really small # of users --- less then 3-4). I'm trying to...
Microsoft SQL Server
0
San Diego .NET User Group Nov 25th meeting, Michele Leroux Bustamente, .NET Reflection and Code Access Security
by: Brian Loesgen | last post by:
The next San Diego .Net User Group meeting is Tuesday, November 25, 2003 at the Scripps Ranch Library. Scripps Ranch Library 10301 Scripps Lake Drive San Diego, CA 92131-1026 Please join us...
.NET Framework
1
Compilation of Code in Microsoft Visual Studio .NET and a couple of other Microsoft .NET questions
by: Novice | last post by:
Hi all, I'm afraid this is the second posting of this information as I didn't get a response on the previous post. I will try to shorten my message (i.e. be more concise) in the hopes that it will...
.NET Framework
1
Article : Code Access Security Part - 2 (.Net FrameWork Tools Series)
by: Namratha Shah \(Nasha\) | last post by:
Hey Guys, Before we start with our sample app we need to view the security configuration files on the machine. You will find them under <drive>\WInNT\Microsoft.NET\FrameWork\<version>\Config ...
.NET Framework
2
Code Security Thoughts
by: Antony | last post by:
I am currently writing an application (VB.NET) and I was thinking about all the hype that seems to be given to security and if I should pay it any attention or not. My first thought was, nah, no...
.NET Framework
0
Article : Code Access Security Part - 1 (.Net FrameWork Tools Series)
by: Namratha Shah \(Nasha\) | last post by:
Hey Guys, Today we are going to look at Code Access Security. Code access security is a feature of .NET that manages code depending on its trust level. If the CLS trusts the code enough to...
.NET Framework
17
SQL or Access DB
by: DaveG | last post by:
Hi all I am planning on writing a stock and accounts program for the family business, I understand this is likely to take close to 2 years to accomplish. The stock is likely to run into over a...
Visual Basic .NET
6
Allowing certain users to administer users via code, and other security questions
by: google | last post by:
I have a few general questions. I am working on a new database to be used within my company. I would like to give a couple of people, particularly HR, the ability to add and delete Access users,...
Microsoft Access / VBA
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
4
Impersonate specific user in code with Windows 2008
by: =?Utf-8?B?QXZhRGV2?= | last post by:
ASP.Net 2. We are migrating to Windows 2008 64 bit Server with IIS 7 from Windows 2003 32 Bit with IIS 6. A few library classes we wrote uses impersonation in code like explained in this...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!