September, 2004

  • .NET Security Blog

    .NET 1.0 SP 3 and .NET 1.1 SP 1 Released

    • 23 Comments
    Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center. Here's a brief review of what's new for security in each service pack: .NET 1.0 SP3 (v1.0.3705...
  • .NET Security Blog

    FormatMessage Shortcut for Win32 Error Codes

    • 5 Comments
    If you ever need to P/Invoke to an API that returns extended error information via the GetLastError function, then you've also probably been through the pain of converting the error code into a usable error message via the FormatMessage API ... not exactly...
  • .NET Security Blog

    Spot the Defect: Modifying the Security Policy in Code

    • 2 Comments
    Modifying the CLR's security policy can be done in your code by interacting with the SecurityManager object. Specifically, you can access the PolicyHierarchy method which will expose an enumerator over the policy levels, and the SavePolicy method, which...
  • .NET Security Blog

    Deploying Policy on v1.0 and 1.1 of the CLR

    • 9 Comments
    A lot of the time, someone has written an application that won't run under the CLR's default security settings and needs to provide a mechanism for their users to modify the policy easily in order to allow their application to run. For Whidbey, ClickOnce...
  • .NET Security Blog

    Finding Out The Current User in the Debugger

    • 2 Comments
    Every once in a while, while debugging multi-threaded applications that do impersonation, it becomes useful to figure out the context that the current thread is running under. This is especially useful when debugging server scenarios where connections...
  • .NET Security Blog

    Why Can't I Change the KeySize of Asymmetric Algoritms or: The Joys of Backwards Compatibility

    • 12 Comments
    Here's a little quirk that can definitely cause a lot of confusion. When I run the following code snippet, what do you suppose the output will be: RSA rsa = new RSACryptoServiceProvider ( ) ; Console . WriteLine ( rsa . KeySize ) ; rsa . KeySize = 4096;...
  • .NET Security Blog

    How I Learned to Stop Worrying and Love the GC

    • 0 Comments
    Chris Lyon , the CLR's GC tester, has just started up a new MSDN blog. Working on the GC, Chris has a lot of knowledge about how the CLR works internally, and he'll be able to shed some light on one of the most misunderstood components of the runtime...
  • .NET Security Blog

    Labor Day Links

    • 0 Comments
    Here are a few quick security links to check out over the barbecue this Labor Day Weekend. Nothing says party like a good discussion about impersonation leaks in managed code and how SIDs work, that's what I always say :-) Eric Lippert grabbed another...
  • .NET Security Blog

    How To Tell if Two PermissionSets Are The Same

    • 0 Comments
    Determining if two PermissionSet objects are logically the same is a relatively common thing for an application that deals with security to attempt to do, however the v1.0 and v1.1 PermissionSet classes did not override the Equals method to allow this...
  • .NET Security Blog

    How do you use MigPol?

    • 5 Comments
    In preparing for Whidbey, we'd like to collect some information about how you use the MigPol tool. Specifically, the CLR Security team is interested in: How do you use MigPol? How often do you use it? Common usage scenarios Did you even know MigPol existed...
Page 1 of 1 (10 items)