• .NET Security Blog

    Beta 2, Get Yer Beta 2

    • 0 Comments
    As I'm sure most of you have seen by now, today we announced the availability of Visual Studio 2005 Beta 2 and SQL Server 2005 April Community Tech Preview. The release is a huge step over the old beta 1 bits, and can be found on MSDN. One of the...

    Security and the Papal Election

    • 4 Comments
    With the Papal Election only four days away, Bruce Schneier has taken a look at the process from a security standpoint. I found this to be quite an interesting read, since virtually all the information I have about electing a new Pope came from reading...

    Trusting Applications with their Strong Name

    • 1 Comments
    Last time I talked about reasons that you might want to strongly name your application's entry point. The most obvious reason is so that you can set up your security policy to increase the level of trust given to that assembly by the default policy. You...

    When to Strongly Name an Application Entry Point

    • 4 Comments
    Junfeng wonders why you might want to strongly name an exe. Sometimes strong naming your exe can be very useful, but like any feature it's not necessarily always the tool you need for the job. For instance, when running a simple managed .exe off of...

    Happy Birthday Channel 9

    • 2 Comments
    Channel 9 turns one year old today, and to celebrate they've been releasing quite a few interesting interviews. One in particular that really stands out is the four parter with Windows Kernel Architect Dave Probert. Dave gives an overview of Windows...

    More on First Pass Exception Issues

    • 5 Comments
    Keith Brown recently pointed out that the issues with first pass exception handling extend well beyond the instance I mention of correctly reverting your impersonation context. Basically, anywhere you rely on a finally block to keep your state consistent...

    Reading a File from Partial Trust

    • 2 Comments
    When authoring an application to run with partial trust, one of the problems many people hit is the inability to open an arbitrary file for reading. Generally partial trust code just won't have the FileIOPermission necessary to do this. Obviously preventing...

    Safe Impersonation With Whidbey

    • 7 Comments
    Over the last couple of days we've talked about how to impersonate another user, and some security issues to keep in mind while impersonating. Now I'd like to take a look at some new features available in Whidbey which can make the whole process much...

    Safely Impersonating Another User

    • 17 Comments
    Yesterday I posted a bit of code that shows how to impersonate another user in managed code. However, that code had a subtle security hole waiting to bite you if you used it directly. Both Dean and Eric found the problem. In fact Eric reminded me of a...

    How to Impersonate

    • 18 Comments
    Guillermo recently started blogging about some Whidbey enhancements around impersonation. However, figuring out how to impersonate in the first place can be a little less than obvious. WindowsIdentity contains an Impersonate method, but it doesn't accept...

    X509CertificateEx is now X509Certificate2

    • 4 Comments
    Last fall, in the article Mike Downen and I wrote for MSDN magazine, we mentioned the expanded support for X.509 certificates, and specifically pointed out how to use them with XML digital signatures. For those of you picking up the February CTP (and...

    BCL Blog Day

    • 0 Comments
    Next Tuesday (March 15th), the BCL team is having a blog day where they're planning on devoting the entire day to creating blog entries and samples exploring the BCL. They're soliciting feedback as to what kind of samples you like to see, so if you're...

    Don't Deny SkipVerification

    • 0 Comments
    SkipVerification permission, which allows the JIT to compile any code even if it cannot prove the safety of that code, is a bit of a special permission. For instance, it's the only permission which causes an exception other than SecurityException when...

    When is ReflectionPermission Needed?

    • 11 Comments
    Reflection and its interaction with security can sometimes be a bit of a confusing matter. The easiest portion to figure out is the permissions needed to use Reflection.Emit. In order to do anything with the reflection emit feature, you'll need to have...

    Reid Talks about Security State and NGEN

    • 1 Comments
    Following up on the pieces we had last week that mentioned NGEN and security ... Reid has just posted a good piece about how NGEN deals with the fact that the grant set of an assembly can change from the time the assembly is NGENed to the time that it...

    The Difference Between the Strong Name Hash and Hash Evidence

    • 7 Comments
    The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition. That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section...

    CLR Bloggers Redux

    • 1 Comments
    Since I posted the list of CLR bloggers, I've gotten many requests for the list in OPML format. So by popular demand, I've done the conversion and put the result here: CLR Bloggers OPML. I'll continue to keep the original list and the OPML as up to date...

    Public Key Tokens

    • 1 Comments
    Time for another visit to the managed strong name API; this time let's take a look at public key tokens. If we want to calculate a token, the strong name API provides two functions that we can use. We've already covered the first, StrongNameTokenFromAssemblyEx...

    Mindless Link Propagation

    • 0 Comments
    Rick Byers, who works on the CLR's DevServices (read: debugger) team, recently started blogging. Today he writes about a topic that comes up every month or so on our internal mailing lists, covariance and contravariance of CLR generics (read: why can...

    Feedback on Link and Disjunctive Demands

    • 4 Comments
    In the spirit of gathering feedback from the community, here are two more feature areas we're interested in knowing how you use: Have you ever encountered the need to use a LinkDemand for a permission that did not inherit from CodeAccessPermission? (For...

    More on the FullTrust GAC

    • 19 Comments
    Last week I mentioned that although currently assemblies in the GAC receive FullTrust as a side effect of the GAC being on the local machine, from Whidbey beta 2 and beyond, being in the GAC will imply FullTrust on its own. A lot of the feedback wondered...

    Does Being in the GAC Grant FullTrust?

    • 20 Comments
    What does being in the GAC imply about the permission set that will be assigned to an assembly? Well, it depends ... In v1.0 and 1.1, the fact that assemblies in the GAC seem to always get a FullTrust grant is actually a side effect of the fact that the...

    Blogging around the CLR

    • 16 Comments
    As of today, there are 40 members of the extended CLR team with blogs on and off of MSDN. Some are more active than others, but if you're looking for a blog that might cover a specific area, here are some places to check out. Note these are categorized...

    Allowing Partially Trusted Callers

    • 31 Comments
    The AllowPartiallyTrustedCallersAttribute (affectionately referred to as APTCA from here on out) is one of the aspects of the security system that most frequently trips people up when they run into it. Let's look at a typical scenario where I might run...

    Running IE with SAFER

    • 6 Comments
    Michael Howard recently did a two part series on MSDN about browsing the web and reading email safely as an Administrator (part 1 | part 2). Today he's got a Quick Start posted on his blog to get IE set up to run with SAFER. Personally, I prefer the...