September, 2005

  • .NET Security Blog

    Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0

    • 12 Comments
    The MSDN Magazine site just put up my article, Do You Trust It? Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0 , as a preview of their November security issue . In the article I cover various techniques for safely...
  • .NET Security Blog

    Marking Your Code Transparent

    • 8 Comments
    Last week I discussed the concepts of security transparency and security critical code. Now it's time to get into the how-to's Marking an Entire Assembly Critical This is by far the easiest of the operations ... just do nothing [:D]. By default...
  • .NET Security Blog

    Using Add-Ins with a ClickOnce Deployed Application

    • 7 Comments
    One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating it's privileges beyond the Internet zone [fan-tastic :-)]. The...
  • .NET Security Blog

    IronPython + MDbg = good times

    • 3 Comments
    Mike Stall recently completed a project to embed IronPython into the MDbg debugger as an MDbg extension. IronPython's hosting interface is pretty slick, in fact it took Mike only 10 steps to get IronPython running inside MDbg and expose the debugger functionality...
  • .NET Security Blog

    Creating Partial Trust Directories

    • 2 Comments
    Last night at the Writing Partial Trust Code BoF, someone was wondering if they could create a sort of download sandbox on their machine. The problem that we're trying to solve is to be able to save code to the local machine from the browser instead of...
  • .NET Security Blog

    RequestOptional Removes Permissions

    • 1 Comments
    Another interesting question arose today. An assembly was granted FullTrust by policy, which was confirmed by CasPol. Yet it was being prevented from calling code in non-APTCA assemblies. Turns out that the code in question had an assembly level RequestOptional...
  • .NET Security Blog

    PDC '05: Lunch with Apple

    • 1 Comments
    Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no physical laws would be violated by having Apple and Microsoft so close together, and than fully there was no matter-antimatter reaction :-). They were...
  • .NET Security Blog

    PDC '05: Quote of the Day

    • 1 Comments
    The day's winding down now, and I'm getting ready to head to Keith's BoF's Writing Secure Code and Writing Partially Trusted Code. Before taking off, here's the quote of the day from PDC: "The two things that are helping .NET really take off are the...
  • .NET Security Blog

    PDC '05: Developer Powered

    • 0 Comments
    I'll be heading down to Los Angeles this Sunday to take part in my first PDC. I'm going to spend most of my time in the Fundamentals Track Lounge. I'll also be celebrating my birthday at the Ask the Experts on Thursday from 6:30-9:00 (and hopefully celebrating...
  • .NET Security Blog

    PDC '05: Let There Be Light

    • 0 Comments
    After spending the beginning of the morning in the Fundamentals Lounge, I went up to see Keith during the intermission of his Art of Secure Coding and to let him know that Mike and I would swing by his BOF's tomorrow . Afterwords, we grabbed some lunch...
  • .NET Security Blog

    Transparency and Member Visibility

    • 0 Comments
    Before PDC we were talking a bit about security transparency, namely what it is and how to use it . We learned the restrictions placed on transparent code which prevents it from elevating the permissions of the call stack, namely: Transparent code...
Page 1 of 1 (11 items)