Welcome to MSDN Blogs Sign in | Join | Help

Security (RSS)

Friday, June 12, 2009 11:33 AM

CLR v4 Security Policy Roundup

Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code
Posted by shawnfa | 1 Comments
Filed under: , , ,
Friday, June 12, 2009 11:27 AM

Temporarily re-enabling CAS policy during migration

Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that security policy is now in the hands of the host and the operating system. While we’ve looked at how to update code that implicitly uses CAS policy , loads
Posted by shawnfa | 1 Comments
Filed under: , , ,
Tuesday, June 09, 2009 12:14 PM

Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy

Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts with how you write managed code against the v4 .NET Framework.  So far we’ve looked at the implicit uses of CAS policy, such as loading assemblies
Posted by shawnfa | 1 Comments
Filed under: , , ,
Monday, June 08, 2009 11:59 AM

More Implicit Uses of CAS Policy: loadFromRemoteSources

In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs.  
Posted by shawnfa | 5 Comments
Filed under: , , ,
Thursday, May 28, 2009 1:30 PM

CLR 4 Security on Channel 9

A while back I did an interview with Charles Torre   about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week,
Posted by shawnfa | 1 Comments
Thursday, May 28, 2009 7:00 AM

Visual Studio 10 Security Tab Changes

Kris Makey, who works on the Visual Studio team, has written up a good blog post about the changes you’ll see on the security tab in Visual Studio 10 when it comes to editing permission sets .  He covers what the changes are, and some of the reasons
Posted by shawnfa | 1 Comments
Wednesday, May 27, 2009 10:46 AM

Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy

Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers exclusively to the host application when setting up sandboxed domains by moving away from the old CAS policy model, and moving instead to simple sandboxed
Posted by shawnfa | 4 Comments
Filed under: , , ,
Friday, May 22, 2009 10:54 AM

Sandboxing in .NET 4.0

Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code
Posted by shawnfa | 6 Comments
Filed under: , , ,
Wednesday, May 20, 2009 3:58 PM

.NET 4.0 Security

The first beta of the v4.0 .NET Framework is now available , and with it comes a lot of changes to the CLR's security system. We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see
Posted by shawnfa | 4 Comments
Filed under: , ,
Tuesday, December 02, 2008 2:26 PM

CryptoConfig

The crypto config schema has been a bit of a hot topic around here lately, specifically around how to modify the CLR's machine.config to get custom crypto types registered with CryptoConfig. Let's take a quick look at what CryptoConfig is first, and then
Posted by shawnfa | 1 Comments
Filed under: ,
Monday, August 25, 2008 11:09 AM

Using RSACryptoServiceProvider for RSA-SHA256 signatures

Earlier this month, we released .NET 3.5 SP 1 .  One of the new features available in this update is that RSACryptoServiceProvider has gained the ability to create and verify RSA-SHA256 signatures. Since RSACryptoServiceProvider relies on the underlying
Posted by shawnfa | 4 Comments
Filed under: ,
Thursday, July 10, 2008 12:20 PM

CLR Security Team CodePlex Site

The CLR Security Team just launched our CodePlex site: http://www.codeplex.com/clrsecurity .  Currently, it contains two assemblies that provide additional functionality to the security APIs shipped in v3.5 of the .NET Framework. We'd love your feedback
Posted by shawnfa | 1 Comments
Wednesday, July 09, 2008 11:07 AM

Dr. Dobbs Looks at Silverlight Security

Dino Esposito has an article in the March Dr. Dobb's Journal taking a look at the Silverlight platform from a security perspective: The Silverlight 2.0 Security Model .  The second half in particular boils down some of the details of the transparency
Posted by shawnfa | 1 Comments
Filed under: ,
Wednesday, May 14, 2008 9:09 AM

Strong Name Bypass

Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted
Posted by shawnfa | 5 Comments
Filed under: , ,
Monday, May 12, 2008 10:49 AM

FullTrust on the LocalIntranet

We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will
Posted by shawnfa | 13 Comments
Filed under: , , ,
More Posts Next page »
 
Page view tracker