Welcome to MSDN Blogs Sign in | Join | Help

September 2004 - Posts

Tuesday, September 28, 2004 12:24 PM

Why Can't I Change the KeySize of Asymmetric Algoritms or: The Joys of Backwards Compatibility

Here's a little quirk that can definitely cause a lot of confusion. When I run the following code snippet, what do you suppose the output will be: RSA rsa = new RSACryptoServiceProvider ( ) ; Console . WriteLine ( rsa . KeySize ) ; rsa . KeySize = 4096;
Posted by shawnfa | 12 Comments
Filed under: ,
Monday, September 27, 2004 11:45 AM

How To Tell if Two PermissionSets Are The Same

Determining if two PermissionSet objects are logically the same is a relatively common thing for an application that deals with security to attempt to do, however the v1.0 and v1.1 PermissionSet classes did not override the Equals method to allow this
Posted by shawnfa | 0 Comments
Filed under: ,
Thursday, September 23, 2004 6:02 PM

Finding Out The Current User in the Debugger

Every once in a while, while debugging multi-threaded applications that do impersonation, it becomes useful to figure out the context that the current thread is running under. This is especially useful when debugging server scenarios where connections
Posted by shawnfa | 2 Comments
Wednesday, September 15, 2004 11:24 AM

How do you use MigPol?

In preparing for Whidbey, we'd like to collect some information about how you use the MigPol tool. Specifically, the CLR Security team is interested in: How do you use MigPol? How often do you use it? Common usage scenarios Did you even know MigPol existed?
Posted by shawnfa | 5 Comments
Filed under: ,
Friday, September 10, 2004 11:32 AM

FormatMessage Shortcut for Win32 Error Codes

If you ever need to P/Invoke to an API that returns extended error information via the GetLastError function, then you've also probably been through the pain of converting the error code into a usable error message via the FormatMessage API ... not exactly
Posted by shawnfa | 5 Comments
Filed under:
Thursday, September 09, 2004 12:28 PM

Spot the Defect: Modifying the Security Policy in Code

Modifying the CLR's security policy can be done in your code by interacting with the SecurityManager object. Specifically, you can access the PolicyHierarchy method which will expose an enumerator over the policy levels, and the SavePolicy method, which
Posted by shawnfa | 2 Comments
Filed under: , , ,
Wednesday, September 08, 2004 12:04 PM

How I Learned to Stop Worrying and Love the GC

Chris Lyon , the CLR's GC tester, has just started up a new MSDN blog. Working on the GC, Chris has a lot of knowledge about how the CLR works internally, and he'll be able to shed some light on one of the most misunderstood components of the runtime.
Posted by shawnfa | 0 Comments
Filed under:
Tuesday, September 07, 2004 4:27 PM

Deploying Policy on v1.0 and 1.1 of the CLR

A lot of the time, someone has written an application that won't run under the CLR's default security settings and needs to provide a mechanism for their users to modify the policy easily in order to allow their application to run. For Whidbey, ClickOnce
Posted by shawnfa | 9 Comments
Filed under: , , ,
Friday, September 03, 2004 3:54 PM

Labor Day Links

Here are a few quick security links to check out over the barbecue this Labor Day Weekend. Nothing says party like a good discussion about impersonation leaks in managed code and how SIDs work, that's what I always say :-) Eric Lippert grabbed another
Posted by shawnfa | 0 Comments
Filed under: , ,
Thursday, September 02, 2004 2:26 PM

.NET 1.0 SP 3 and .NET 1.1 SP 1 Released

Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center. Here's a brief review of what's new for security in each service pack: .NET 1.0 SP3 (v1.0.3705.6018)
Posted by shawnfa | 23 Comments
Filed under: , , ,
 
Page view tracker