Tagged Content List
  • Blog Post: Special Permissions in the SSCLI

    Before digging into a pretty clever optimization that the SSCLI makes for certain special permission demands, I want to point out that everything I’m about to cover is an implementation detail. Although this optimization does occur today, we can and will change it for future versions of the CLR (and...
  • Blog Post: SSCLI Zone Mappings

    My previous post is begging the question "so what is the SSCLI's zone mapping policy?" It's actually quite simple: the source for SecurityPolicy::QuickGetZone in clr\src\vm\securitypolicy.cpp shows that SSCLI maps a URL to: NoZone if the URL is NULL; MyComputer if the URL is a file URL ...
  • Blog Post: Custom Zones and the CLR

    On the topic of zones and the CLR ... Windows lets you define custom zones outside of the standard ones that the CLR knows about (see MSDN's topic on Security Zones for more information). However, because the CLR doesn't know about them, generally any assembly loaded from one of those zones will not...
  • Blog Post: What Happens When You Fully Sign a Test Signed Assembly

    When an assembly is test signed, the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your machine and fully sign it? The key here (aren...
  • Blog Post: SSCLI v2

    As Jason announces, v2.0 of the SSCLI is now available for download: http://msdn.microsoft.com/net/sscli. In addition to general CLR features like generics that are available in this download, some interesting security points to look at are: Transparency (sscli20\clr\src\vm\securitytransparentassembly...
  • Blog Post: Comparing Java and .NET Security

    It's been a while since I've last seen a comparison of Java and .NET security. Nathanael Paul and David Evans from the University of Virginia Computer Science Department recently finished their comparison, Comparing Java and .NET Security: Lessons Learned and Missed. In their paper, Nathanael and...
  • Blog Post: When is ReflectionPermission Needed?

    Reflection and its interaction with security can sometimes be a bit of a confusing matter. The easiest portion to figure out is the permissions needed to use Reflection.Emit. In order to do anything with the reflection emit feature, you'll need to have ReflectionPermission with the ReflectionEmit flag...
  • Blog Post: Why == and the Equals Method Return Different Results for Floating Point Values

    There's a subtle difference between comparing floating point values with the Equals method and comparing them with the == operator. (In all the code I show in this post, I use the Double class, however everything I say also applies to the Single class). When the following code is run, it compiles...
  • Blog Post: What's the Deal with the ECMA Key?

    The libraries laid out in the ECMA spec are all signed with a public key that looks pretty strange. If you ildasm mscorlib.dll, System.dll, or any of the other framework libraries that are defined in the ECMA specs (see partition IV: Library if you're interested in which libraries these are), you'll...
  • Blog Post: Same Site Socket Permission

    Fairly frequently, people will want to know how to get same site socket permissions, in the same way that they can get same site web permission today. Unfortunately, the answer is that with the security objects shipped with the framework, there is no way to accomplish this. In order to figure out...
  • Blog Post: More Details on Portable Crypto Operations

    Yesterday I posted about detecting which CSP provided algorithms were available on your copy of Windows, and upgrading IE to get a newer CSP that supported more algorithms. Sebastien Pouliot provided some nice followup information on using pure managed classes instead of the *CryptoServiceProvider implementations...
  • Blog Post: How Exceptions Work in Rotor (and the CLR)

    Joel Pobar has a nice post with Jan Kotas' explanation of how exceptions work in Rotor (and by extension, the CLR).
  • Blog Post: Moving

    The GotDotNet blogs are being frozen, so I'll be moving my blog over to the ASP.Net site. You can find the new location at http://blogs.msdn.com/shawnfa
  • Blog Post: Custom Security Object Samples

    Currently, there are no samples on MSDN for creating custom security objects. However, the SSCLI ships with implementations for all of the built-in security objects that shipped with the .Net framework 1.0. This source can be used as a sample to help along with custom security object...