February, 2006

  • .NET Security Blog

    Enveloped PKCS #7 Signatures

    • 16 Comments
    One of the new cryptography features in the v2.0 framework is the ability to work with PKCS #7 formatted messages . The PKCS features live in the new System.Security.Cryptography.Pkcs namespace in System.Security.dll, and are thin wrappers around the...
  • .NET Security Blog

    APTCA and Custom Attributes

    • 2 Comments
    Haibo just posted an excellent article about what happens when you use reflection to get a custom attribute across trust boundaries . The specific situation he talks about is when you have: A fully trusted assembly defining a custom attribute ...
  • .NET Security Blog

    The best part about today ...

    • 3 Comments
    ... the availability of peanut butter cups 6 2/3 times bigger than normal . The best part about tomorrow? They'll probably be available for less than a dollar at Safeway. I can feel the waistline growing already :-)
  • .NET Security Blog

    SN v2.0 Works With PFX Files

    • 10 Comments
    One enhancement to the v2.0 SN tool that may not get noticed right away is that it now has the ability to work with PKCS #12 PFX files in addition to SNK files. The logic here is that a self signed certificate stored in a PFX file is the moral equivalent...
  • .NET Security Blog

    What Happens If Security Policy Files Are Missing?

    • 0 Comments
    We've previously discussed where the security policy files are located on your disk . Depending on how you install the CLR, you may find that the actual security .config files are missing -- what does the CLR do if it can't find them? Even if there...
  • .NET Security Blog

    Which Package are the Security Tools In?

    • 13 Comments
    When installing the v2.0 .NET redist package, you'll find that the .Net Configuration MMC snap-in is missing . As of v2.0, we've moved this tool to the SDK package, which you can download here: [x86] [ x64 ] [ IA64 ]. The split of security tools between...
  • .NET Security Blog

    Deny and PermitOnly Are Not For Sandboxing

    • 0 Comments
    Deny and PermitOnly cannot be used to create an effective sandbox because like Assert , they function as stack walk modifiers -- meaning they modify the current call stack and not the grant set of an assembly. We talked about this previously in Assert...
Page 1 of 1 (7 items)