February, 2005

  • .NET Security Blog

    Allowing Partially Trusted Callers

    The AllowPartiallyTrustedCallersAttribute (affectionately referred to as APTCA from here on out), is one of the aspects of the security system that most frequently trips people up when they run into it. Lets look at a typical scenario where I might run...
  • .NET Security Blog

    Blogging around the CLR

    As of today, there are 40 members of the extended CLR team with blogs on and off of MSDN. Some are more active than others, but if you're looking for a blog that might cover a specific area, here's some places to check out. Note these are categorized...
  • .NET Security Blog

    The Difference Between the Strong Name Hash and Hash Evidence

    The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section...
  • .NET Security Blog

    Does Being in the GAC Grant FullTrust?

    What does being in the GAC imply about the permission set that will be assigned to an assembly? Well, it depends ... In v1.0 and 1.1, the fact that assemblies in the GAC seem to always get a FullTrust grant is actually a side effect of the fact that the...
  • .NET Security Blog

    More on the FullTrust GAC

    Last week I mentioned that although currently assemblies in the GAC receive FullTrust as a side effect of the GAC being on the local machine, from Whidbey beta 2 and beyond, being in the GAC will imply FullTrust on its own. A lot of the feedback wondered...
  • .NET Security Blog

    Public Key Tokens

    Time for another visit to the managed strong name API; this time lets take a look at public key tokens. If we want to calculate a token, the strong name API provides two functions that we can use. We've already covered the first, StrongNameTokenFromAssemblyEx...
  • .NET Security Blog

    CLR Bloggers Redux

    Since I posted the list CLR bloggers , I've gotten many requests for the list in OPML format. So by popular demand, I've done the conversion and put the result here: CLR Bloggers OPML . I'll continue to keep the original list and the OPML as up to date...
  • .NET Security Blog

    Feedback on Link and Disjunctive Demands

    In the spirit of gathering feedback from the community, here are two more feature areas we're interested in knowing how you use: Have you ever encountered the need to use a LinkDemand for a permission that did not inherit from CodeAccessPermission. (For...
  • .NET Security Blog

    Mindless Link Propagation

    Rick Byers , who works on the CLR's DevServices (read: debugger) team recently started blogging. Today he writes about a topic that comes up every month or so on our internal mailing lists, covariance and contravariance of CLR generics (read: why can...
Page 1 of 1 (9 items)