
Using Code Access Security??

Some folks here in the big house are trying to figure out how to do a better job with our Code Access Security work… Please take a minute to fill out this survey if you are using code access security and even more important if you are NOT!!

 

Thanks for your help.

Published 06 March 05 08:30 by BradA

Comments

# MrDave's Blog! said on March 6, 2005 7:22 PM:
# Neno Loje's Treasury said on March 6, 2005 7:51 PM:
Code Access Security (CAS) survey
# Luc Cluitmans said on March 7, 2005 12:41 AM:
Just reporting: One of the survey questions was phrased a bit in a way that assumes a certain scenario, and the way it is phrased makes it two questions wrapped into one:

"Are you interested in writing applications that are deployed in the browser and run in “partial trust” without prompting the user (e.g. “managed browser controls”, “HREF Exes”, “Click Once” applications)?"

Notice the 'and' in the question. For me, I am not interested in applications that are deployed in a browser at all, so the second part of the question doesn't matter to me. I think that this question should have been two separate questions. For reference: I do Windows Forms applications and console applications, always to be run from a local disk.

# Cheong said on March 7, 2005 12:59 AM:
Luc: My case is similar to yours, but I think it won't be too difficult to separate the result because there is another question asking what type of application we're developing. Yet I agree there should be separate questions for that.
# Rick Samona said on March 7, 2005 9:10 PM:
Thanks for the feedback, Luc and Cheong. I work in Developer Tools at Microsoft and will be analyzing the data. I'll certainly take your comments into consideration when doing the analysis.
# Mark Traudt said on March 17, 2005 2:46 PM:
This is very topical. We have customers who want to call our C# API from apps that are running with partial trust. This seems to me to be a very reasonable thing to do, as it gives them fine-grained control over the runtime permission set.

However, in order to support this we need to use the APTCA, and MS recommends against using this attribute. If we choose to ignore their recommendation, then we still have the problem of not being able to call certain framework assemblies (because they demand full trust).

There seems to me to be something odd about the "Full Trust" link demand. The only way to fully trust an app would be to review every line of code (and even then I'm not sure). Is it not better to restrict what the app can do by running with a restricted permission set? Of course, you can do this by running your app with partial trust. Great feature in theory, but then you run into the issues I mention above.

Take the Soap Formatter assembly as just one example. Why does this require full trust? Is there no way to prevent unauthorized use and still allow it to be called by applications running in a restricted sandbox?
# Kenneth Kasajian said on March 25, 2005 7:00 AM:
There is the promise of Windows Forms Controls running inside of Web Browsers even in high-security mode without requiring that they be trusted. This is done by limiting the capabilities of the control. This is basically the same as the base model of Java applets... but it is difficult to find concrete information about how to do this, and for some reason, it doesn't work unless the HTML is brought up via an http:// URL. Java applets don't have this limitation. Anything that works with http:// works with file://

This whole support needs to be completed and well documented.
