A Closer Look at the Simple Sandboxed AppDomain

Securing AppDomain Data

.Net Security Blog — Tue, 23 Aug 2005 00:49:46 GMT

While we're on the topic of AppDomains ...
One feature of AppDomains that many people don't know about...

re: A Closer Look at the Simple Sandboxed AppDomain

shawnfa — Tue, 23 Aug 2005 00:09:21 GMT

In order to pull that off, the ClickOnce app needs to have permission to read from the internet and write to a folder it can load assemblies from.

Partial trust ClickOnce apps do not have permission to discover where they're executing from -- this means they won't know where to write that assembly to. That prevents them from being able to load any code they want under their permission set.

However, there's no need for them to connect to the Internet -- why wouldn't a malicious app just include the untrustworthy code in its install?

-Shawn

re: A Closer Look at the Simple Sandboxed AppDomain

Keith Brown — Sat, 20 Aug 2005 20:46:25 GMT

Wow. That is *very* different. So click-once apps will run under this model as opposed to the older policy-based model?

And if a ClickOnce app dynamically downloads assemblies from the Internet, they will also get the overall app's grant set? Now I'm starting to get mihailik's heebie jeebies...