"Sean Hederman" <us***@blogentry.com> wrote in message
news:d2**********@ctb-nnrp2.saix.net...
Jim Hubbard" <re***@groups.please> wrote in message
news:FI********************@giganews.com... Linkers have been around forever.......why can't we link all needed
portions of the .Net framework into a single EXE?
And how would CAS operate in such a scheme? Have a look at my article
http://codingsanity.blogspot.com/200...about-net.html for a
bit more detail.
Perhaps you are right.....I slept through the whole security thing at boot
camp, so I'm not able to toss up any real arguments here.....except to say
that I have yet to see anyone at the companies I have worked at with .Net
(some pretty big companies like Qwest Communications applications built and
hosted at Innotrac) utilize signing at all.
If I create an unsigned application and throw that sucker into a setup built
by Wise or InstallShield, it has unrestricted access to the customers
machine. I've done it a few times now.
Perhaps this isn't the "Microsoft way" but it sure is how things are getting
done.
So, CAS really means nothing to me.
Let's suppose for a minute that a piece of code is "signed". CAS may be
able to verify that the signature matches whatever Verisign says about the
company that signed it, but "bad" companies can get signatures and Verisign
doesn't pass judgment on what can be done with the signed apps - it just
verifies the signature with the data (real or made-up) that it has on file.
It is still up to the user to decide whether a company is trusted ("good")
or untrusted ("bad").
I don't see CAS as anything but Microsoft's attempt to expand the "sandbox"
idea of JAVA. It is not failsafe, and is still highly dependent on the
user - which means that the users will still allow "unsafe" code to run,
just like they run all of that "FREE" crap they download now.
Lot's of work for not much safety - as far as the common user and programmer
is concerned - IMHO.
But, again, I slept through that security stuff myself. They really
should've placed it AFTER telling us how to build a .Net app. Then, maybe
our minds could've gotten off of how to build .Net apps long enough to care
about protecting them.
It's like teaching your son about car safety when all he wants to do is get
behind the wheel and drive. Sure the sound vibrations hit his ears.....but
he didn't hear a thing.
Jim Hubbard