The MSDN Magazine site just put up my article, Do You Trust It? Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0 , as a preview of their November security issue . In the article I cover various techniques for safely...

Before PDC we were talking a bit about security transparency, namely what it is and how to use it . We learned the restrictions placed on transparent code which prevents it from elevating the permissions of the call stack, namely: Transparent code...

One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating it's privileges beyond the Internet zone [fan-tastic :-)]. The...

Another interesting question arose today. An assembly was granted FullTrust by policy, which was confirmed by CasPol. Yet it was being prevented from calling code in non-APTCA assemblies. Turns out that the code in question had an assembly level RequestOptional...

Last night at the Writing Partial Trust Code BoF, someone was wondering if they could create a sort of download sandbox on their machine. The problem that we're trying to solve is to be able to save code to the local machine from the browser instead of...

The day's winding down now, and I'm getting ready to head to Keith's BoF's Writing Secure Code and Writing Partially Trusted Code. Before taking off, here's the quote of the day from PDC: "The two things that are helping .NET really take off are the...

Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no physical laws would be violated by having Apple and Microsoft so close together, and than fully there was no matter-antimatter reaction :-). They were...

After spending the beginning of the morning in the Fundamentals Lounge, I went up to see Keith during the intermission of his Art of Secure Coding and to let him know that Mike and I would swing by his BOF's tomorrow . Afterwords, we grabbed some lunch...

I'll be heading down to Los Angeles this Sunday to take part in my first PDC. I'm going to spend most of my time in the Fundamentals Track Lounge. I'll also be celebrating my birthday at the Ask the Experts on Thursday from 6:30-9:00 (and hopefully celebrating...

Last week I discussed the concepts of security transparency and security critical code. Now it's time to get into the how-to's Marking an Entire Assembly Critical This is by far the easiest of the operations ... just do nothing [:D]. By default...

Mike Stall recently completed a project to embed IronPython into the MDbg debugger as an MDbg extension. IronPython's hosting interface is pretty slick, in fact it took Mike only 10 steps to get IronPython running inside MDbg and expose the debugger functionality...