April, 2004

  • .NET Security Blog

    Arrays and SOS

    • 4 Comments
    Looking at arrays with SOS on WinDBG is not exactly the most intuitive process in the world. In order to demonstrate how to do this, I've written a small sample program that I'm going to “debug”. The code simply creates three arrays: ...
  • .NET Security Blog

    Writing Managed Code With VC++ 2005

    • 0 Comments
    There's been a few articles around lately on the new syntax for Managed C++ that's in VC++ 2005. MSDN had an article in the May magazine by Stephen Toub, Write Faster Code with the Modern Language Features of Visual C++ 2005 , which focuses on many new...
  • .NET Security Blog

    xml:id and SignedXml

    • 4 Comments
    A few weeks back, I posted about customizing how SignedXml searches for XML elements identified by a reference to an ID. By default, SignedXml searches for elements with an attribute named Id that has the given value. Recently, the W3C has come up...
  • .NET Security Blog

    XmlIdSignedXml.cs

    • 2 Comments
    using System; using System . Security . Cryptography . Xml; using System . Xml; /// <summary> /// Provides xml:id support for XML digital signatures /// </summary> /// <remarks> /// This class allows the .NET XML Digital Signature system...
  • .NET Security Blog

    Why Doesn't .NET Support Deterministic Finalization?

    • 1 Comments
    This email from Brian Harry has been making the rounds again lately. It's a pretty in depth talk about the reasons why .NET doesn't support deterministic finalization, including the history behind it. I found it a pretty interesting read. The mail's a...
  • .NET Security Blog

    ClickOnce Overview in May's MSDN Magazine

    • 0 Comments
    ClickOnce made the cover of the May 2004 issue of MSDN Magazine . (OK, yes, it was just a little blurb at the bottom of the cover, but that still counts!). Bryan Noyes gives a nice general overview of what you can do with ClickOnce in the article ...
  • .NET Security Blog

    Customizable CAS Defaults

    • 3 Comments
    One of the nicer new Whidbey features, at least from an admin standpoint, is the ability to customize the default CAS settings. On v1.0 and 1.1 of the framework running caspol -all -reset resulted in the security policy being reset to hardcoded defaults...
  • .NET Security Blog

    P/Invoke Wiki

    • 2 Comments
    Adam Nathan , who you may recognize as being the author of .NET and COM: The Complete Interoperability Guide , has started up a Wiki on P/Invoke . You'll find lots of P/Invoke definitions, along with recommend managed alternatives and gotchyas there....
  • .NET Security Blog

    New VC++ Toolkit 2003

    • 0 Comments
    The Visual C++ team has released the Visual C++ Toolkit 2003 , which includes the full optimizing C++ compiler found in VC++ 2003 professional. It also includes the STL, standard C library, and some samples. Definately worth checking out if you're in...
  • .NET Security Blog

    Signing Assemblies With C# in Whidbey

    • 16 Comments
    You may be in for a surprise when you try to rebuild your strongly named assemblies written in C# under Whidbey for the first time. If you're using the AssemblyKeyFile attribute, you'll get a warning similar to this: signed.cs(4,11): warning CS1699...
  • .NET Security Blog

    Generating a Key from a Password

    • 31 Comments
    If you're trying to encrypt data using a password, how do you convert the password into a key for symmetric encryption? The easiest way might be to simply convert the password to a byte array, and use this array as your key. However, this is a very bad...
  • .NET Security Blog

    Ivan Writes about Strong Name Signing with Smart Cards

    • 0 Comments
    Ivan's written a new article , showing how to use keys stored on a smart card to strong name sign an assembly. Worth a read if you've ever wondered how this might be done, or wanted a more secure method than using .snk files.
  • .NET Security Blog

    Whidbey's Secure CRT

    • 8 Comments
    One of the features that the Whidbey release of Visual C++ is going to bring is the new Secure CRT. The C++ library team has put a lot of work into creating safe alternatives to the old C runtime library functions that seem to always be behind security...
  • .NET Security Blog

    Using XPath to Sign Specific XML

    • 13 Comments
    In my last posting , I promised to write about a more general purpose way of selecting specific XML to sign. Although the technique I presented in the last post will work, it requires a custom class derived from SignedXml, and will not work unless both...
  • .NET Security Blog

    Searching for Custom ID Tags With Signed XML

    • 16 Comments
    Last week, I blogged about using references to sign only specific parts of an XML document. The biggest limitation with doing this is that you must refer to the nodes that are being signed by ID, which for v1.1 and 1.0 of the framework was given by an...
Page 1 of 1 (15 items)