January, 2006

  • .NET Security Blog

    Detecting that You're Running in a ClickOnce Application

    • 15 Comments
    In my last post , I mentioned that application scoped isolated storage only works if you're running in a ClickOnce application. That begs the question -- how do I tell if I'm currently running in the context of a ClickOnce application? You can see...
  • .NET Security Blog

    Isolated Storage and ClickOnce

    • 13 Comments
    Isolated storage introduced a new scope in v2.0 of the CLR to work with ClickOnce applications. Application scoped Isolated storage is backed by the application's data directory. This enables scenarios where your isolated storage data will flow forward...
  • .NET Security Blog

    How Do You Customize Your Policy?

    • 8 Comments
    As part of planning for our next release, we're interested in collecting some data on how you customize your security policy. We're intereseted in as much information as you have to offer. For instance, do you mainly add code groups to the machine level...
  • .NET Security Blog

    LinkDemands and InheritenceDemands Occur at JIT Time

    • 5 Comments
    We previously saw that the SkipVerification demand for calling a method with unverifiable code occurs at JIT time rather than at runtime. Two other types of demands also occur at JIT time, LinkDemands and InheritenceDemands. An InheritenceDemand will...
  • .NET Security Blog

    PrincipalPermission and Finalizers

    • 3 Comments
    Nicole Calinoiu , one of our developer security MVPs, has just posted a good description of the problems that occur when using PrincipalPermission with impersonation and finalizers . The key thing to take away from this is that impersonation occurs on...
  • .NET Security Blog

    RSACryptoServiceProvider::Encrypt Does Not Provide Deterministic Output

    • 2 Comments
    On one of our internal mailing lists, someone was recently surprised that calling RSACryptoServiceProvider::Encrypt on the same bytes with the same instance of the RSA object resulted in two completely different output bytes arrays. The reason is that...
  • .NET Security Blog

    Mike Rousos on Registry Security

    • 2 Comments
    Over the weekend, Mike Rousos (a BCL tester who's been temporarily drafted onto the security team) posted an interesting piece about the new BCL registry security support on the BCL blog . While the title mentions RegistryPermission, the post is actually...
  • .NET Security Blog

    Debugging ADMHost

    • 0 Comments
    A few people have noticed that the ADMHost sample is not set up to do mixed mode debugging by default. If you're working with this sample and you'd like to debug through both halves of the host, you'll need to enable this mode. Right click on the...
  • .NET Security Blog

    UAC Policy Settings

    • 0 Comments
    The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings that have been introduced to control how UAC works. As the Vista betas start coming out and people can start to play with UAC, knowing that some of these...
Page 1 of 1 (9 items)