Hi

After delving into CAS for long days, i begin to understand its
security model.

BUT, there is still something i don't understand :
CAS will treat only .NET written program. So it will never see the
others like those written in VB6 or assembly.
Considering not all the program won't be written in .NET languages,
how CAS is interesting for Administrators?

Thanks

CAS is interesting for Admins for .NET apps. Since eventually, most code
will be managed, it makes sense.

-mike
MVP

[quoted text, click to view]

John,
VB6 was not a good example (I belive that majority of these programs will
eventually be redeveloped in .Net or discontinue to be used), but you are
right that there will be non .Net programs in future. Device drivers,
programs developed with using competing technologies/platforms and some
others would, probably, remain unmanaged. But that doesn't actually decrease
value of CAS for everyone (including administrators). Look at it this way:
security features of Internet Information Server could only be used for
securing one specific application and couple of ports. The rest of ports is
never protected by IIS configuration. However no security administrator
would ever say that it meaningless to administer IIS.
CAS provides unique possibility for administrators to control code rights
based on code evidence. It doesn't cover all executable code (just as
securing IIS means nothing for the ports that aren't used by IIS)...
And as amount of managed code grows in the future, value of CAS will grow as
well...

-Valery (Security MVP)
http://www.harper.no/valery



[quoted text, click to view]