October, 2004

  • .NET Security Blog

    Replacing Calc with Calculator Plus

    • 11 Comments
    On my home machine, and one of my office machines I log in as a normal user , and only elevate to an account with admin status when installing software, or doing other maintenance. Needless to say, doing that creates problems with various programs that...
  • .NET Security Blog

    Creating an AppDomain with limited permissions

    • 10 Comments
    Oftentimes in an application, it's necessary to run untrusted code. The CLR lets you do this safely by placing the code in its own AppDomain and sandboxing the AppDomain to have a limited set of permissions. Usually setting up the AppDomain with the Internet...
  • .NET Security Blog

    I'm Published!

    • 4 Comments
    The November 2004 issue of MSDN magazine is available online now, and it includes the first article I've ever had published. I co-authored this month's Trustworthy Code article, Exchange Data More Securely with XML Digital Signatures and Encryption with...
  • .NET Security Blog

    What to do when CasPol throws SecurityExceptions

    • 5 Comments
    CasPol is written in managed code, and as such is subject to the CLR's security policy system just like any other piece of managed code. Generally this is not a problem for it, since it is granted FullTrust by two separate code groups in the default policy...
  • .NET Security Blog

    Getting the Current Permissions in a Named Permission Set

    • 5 Comments
    There are several named permission sets defined by default in the CLR security policy: FullTrust SkipVerification Execution Nothing LocalIntranet Internet Everything These sets are used to create the default policy, however there's nothing stopping any...
  • .NET Security Blog

    Easily Creating a StrongNameMembershipCondition for an Assembly

    • 3 Comments
    Taking a break from sandboxing in an AppDomain for a minute, lets take a look at another aspect of policy. One situation that comes up very frequently when trying to execute code in a limited-trust sandbox is that there are some assemblies that you do...
  • .NET Security Blog

    The Locations of the Other Policy Levels

    • 0 Comments
    On Monday I wrote about how to recover CasPol to a usable state , if you've modified the security policy to disallow CasPol permission to run. My instructions included deleting %WINDIR%\Microsoft.Net\Framework\v x.y.zzzz \config\Security.config and Security...
  • .NET Security Blog

    The Return of ManagedStrongName: Key Containers

    • 1 Comments
    (updated 12/3/04, pointed to the newly refactored source ) It's been nearly two months since the last update to my managed sn.exe port , so its long-past overdue for some new features. This update implements the various key container features that are...
  • .NET Security Blog

    Mike Stall's (Relatively)New Debugger Blog

    • 1 Comments
    Mike Stall is one of the devs on our base services team, and his focus is on managed debugging. I played football with Mike 4 flag football seasons back, but generally don't need to work directly with him since the debugger and security don't have very...
  • .NET Security Blog

    Does StrongNameSignatureVerificationEx Cache Registry Lookup Results?

    • 2 Comments
    I received a question recently about my post on Checking for a Valid Strong Name Signature . The person who was using the code I presented there to run some tests under NUnit . The format of the tests was to use the Microsoft.Win32.Registry classes to...
  • .NET Security Blog

    Grunk Posts on File Canonicalization for FileIOPermission

    • 1 Comments
    Brian Grunnkmeyer recently posted a good piece on how FileIOPermission deals with file and path canonicalization. Brian wrote a large chunk of the base class library , and contributed to the SLAR . Its a good read if you want to know how FileIOPermission...
  • .NET Security Blog

    David Starts Blogging

    • 1 Comments
    David Notario has started up a blog ... he's one of the x86 JIT devs, and (since his office is right next door), is always the guy I go to when I need an issue about how the x86 JIT or the x86 JIT verifier works. His first post covers the phases of JIT...
Page 1 of 1 (12 items)