July, 2006

  • .NET Security Blog

    What Evidence does Internet Explorer Give an Assembly

    One of the reasons I started this blog was to have a permanent record of a question I used to see on the old microsoft.public.dotnet.security newsgroup about providing extra trust for an Internet Explorer hosted assembly . In that post I mentioned that...
  • .NET Security Blog

    $20 on Double Zero, $20 on LUA please

    I spent last weekend in Vegas, and on Saturday night / Sunday morning decided to recreate those college bar crawls with a bit of a casino crawl. Starting a Caesar's we bounced up the strip hitting every casino on the way with one rule: start with $40...
  • .NET Security Blog

    ClickOnce Same Site Permissions

    ClickOnce applications can request that they be granted permission to contact their site of origin. In Visual Studio this is done by clicking on the Advanced button in the Security tab of the project properties and checking "Grant the application access...
  • .NET Security Blog

    Sandboxed Applications Can’t Elevate Their Own Permissions

    Every once in a while someone will ask how they can do something similar to these caspol commands from within their application. Generally, they want their application to be deployed from the Internet or a file share and don’t want users to have to deal...
  • .NET Security Blog

    Every CLR has Independent CAS Policy

    It’s relatively easy to find a set of instructions for using caspol or Admin UI to provide a CAS elevation for some managed code that’s hitting security exceptions. However, using the directions correctly gets complicated when multiple runtimes are on...
  • .NET Security Blog

    Column Guides in Visual Studio

    A lot of coding guidelines specify the maximum length for a line of code. For instance in the CLR, we like to keep lines of code under 110 characters long. Visual Studio has a feature which lets you display a vertical line at the column of your choosing...
Page 1 of 1 (6 items)