| Groups | Blog | Home |
dotnet security : Help me to understand Code Access Security. I don't get it.
am in a fog on Code Access Security. I don't get it. Could someone please explain the need for CAS and some practical examples of why and when it is necessary to implement it? -- ----------------------------------- Ken Varn Senior Software Engineer Diebold Inc. EmailID = varnk Domain = Diebold.com -----------------------------------
hi,
CAS has been introduced in order to offer the possibility to fine tune access to ressources by your application in order to give it only the necessary rights to prevent potential hacking.. CAS has a wide range of possibilities. for instance you are able to protect the xecution of certain function in your code that is allowed to ruin only if you are under a certain group. CAS offer also the possibility to refuse to run an assembly if it does not have a minimum of permission. For instance imagine that your asssembly need to access to a File on the system, then it needs to get the fileIo permission. If this permision is not set when you execute your assembly it will not run. CAS policy offer also the possibility to set some predifines security rules depending on where you code is executed. Internet or Local machine. YOu can check those groups from the CAS configuration tools in control panel. Remember one think is that CAS come on top of NTFS rights, which means that you cannot allow with CAS the rights to delete a file if the current logon right prevent for it. This is just a breif idea, but theire is a lot more which cannot details all here. Hope it helps s bit Regards serge [quoted text, click to view] "Ken Varn" wrote:
> I have looked at several books and tutorials on .NET Security and frankly, I > am in a fog on Code Access Security. I don't get it. Could someone please > explain the need for CAS and some practical examples of why and when it is > necessary to implement it? > > > > > -- > ----------------------------------- > Ken Varn > Senior Software Engineer > Diebold Inc. > > EmailID = varnk > Domain = Diebold.com > ----------------------------------- > >
IMO the best book ever about CAS was ".NET Framework Security" by Brian LaMachia
et al. Unfortunately it is out of print now - but you may be able to find a used copy... --- Dominick Baier, DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > hi, > > CAS has been introduced in order to offer the possibility to fine tune > access to ressources by your application in order to give it only the > necessary rights to prevent potential hacking.. > CAS has a wide range of possibilities. for instance you are able to > protect > the xecution of certain function in your code that is allowed to ruin > only if > you are under a certain group. > CAS offer also the possibility to refuse to run an assembly if it does > not have a minimum of permission. For instance imagine that your > asssembly need to access to a File on the system, then it needs to get > the fileIo permission. If this permision is not set when you execute > your assembly it will not run. > > CAS policy offer also the possibility to set some predifines security > rules depending on where you code is executed. Internet or Local > machine. YOu can check those groups from the CAS configuration tools > in control panel. > > Remember one think is that CAS come on top of NTFS rights, which means > that you cannot allow with CAS the rights to delete a file if the > current logon right prevent for it. > > This is just a breif idea, but theire is a lot more which cannot > details all here. > > Hope it helps s bit > Regards > serge > "Ken Varn" wrote: > >> I have looked at several books and tutorials on .NET Security and >> frankly, I am in a fog on Code Access Security. I don't get it. >> Could someone please explain the need for CAS and some practical >> examples of why and when it is necessary to implement it? >> >> -- >> ----------------------------------- >> Ken Varn >> Senior Software Engineer >> Diebold Inc. >> EmailID = varnk >> Domain = Diebold.com >> -----------------------------------
i am actually using the MS press book to prepare my exam and I have to say
that they make great effort on this one...reaaly nice content and clear example [quoted text, click to view] "Dominick Baier" wrote:
> IMO the best book ever about CAS was ".NET Framework Security" by Brian LaMachia > et al. > > Unfortunately it is out of print now - but you may be able to find a used > copy... > > --- > Dominick Baier, DevelopMentor > http://www.leastprivilege.com > > > hi, > > > > CAS has been introduced in order to offer the possibility to fine tune > > access to ressources by your application in order to give it only the > > necessary rights to prevent potential hacking.. > > CAS has a wide range of possibilities. for instance you are able to > > protect > > the xecution of certain function in your code that is allowed to ruin > > only if > > you are under a certain group. > > CAS offer also the possibility to refuse to run an assembly if it does > > not have a minimum of permission. For instance imagine that your > > asssembly need to access to a File on the system, then it needs to get > > the fileIo permission. If this permision is not set when you execute > > your assembly it will not run. > > > > CAS policy offer also the possibility to set some predifines security > > rules depending on where you code is executed. Internet or Local > > machine. YOu can check those groups from the CAS configuration tools > > in control panel. > > > > Remember one think is that CAS come on top of NTFS rights, which means > > that you cannot allow with CAS the rights to delete a file if the > > current logon right prevent for it. > > > > This is just a breif idea, but theire is a lot more which cannot > > details all here. > > > > Hope it helps s bit > > Regards > > serge > > "Ken Varn" wrote: > > > >> I have looked at several books and tutorials on .NET Security and > >> frankly, I am in a fog on Code Access Security. I don't get it. > >> Could someone please explain the need for CAS and some practical > >> examples of why and when it is necessary to implement it? > >> > >> -- > >> ----------------------------------- > >> Ken Varn > >> Senior Software Engineer > >> Diebold Inc. > >> EmailID = varnk > >> Domain = Diebold.com > >> ----------------------------------- > >
then you haven't seen the one i am talking about ;)
--- Dominick Baier, DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > i am actually using the MS press book to prepare my exam and I have to > say that they make great effort on this one...reaaly nice content and > clear example > > "Dominick Baier" wrote: > >> IMO the best book ever about CAS was ".NET Framework Security" by >> Brian LaMachia et al. >> >> Unfortunately it is out of print now - but you may be able to find a >> used copy... >> >> --- >> Dominick Baier, DevelopMentor >> http://www.leastprivilege.com >>> hi, >>> >>> CAS has been introduced in order to offer the possibility to fine >>> tune >>> access to ressources by your application in order to give it only >>> the >>> necessary rights to prevent potential hacking.. >>> CAS has a wide range of possibilities. for instance you are able to >>> protect >>> the xecution of certain function in your code that is allowed to >>> ruin >>> only if >>> you are under a certain group. >>> CAS offer also the possibility to refuse to run an assembly if it >>> does >>> not have a minimum of permission. For instance imagine that your >>> asssembly need to access to a File on the system, then it needs to >>> get >>> the fileIo permission. If this permision is not set when you execute >>> your assembly it will not run. >>> CAS policy offer also the possibility to set some predifines >>> security rules depending on where you code is executed. Internet or >>> Local machine. YOu can check those groups from the CAS configuration >>> tools in control panel. >>> >>> Remember one think is that CAS come on top of NTFS rights, which >>> means that you cannot allow with CAS the rights to delete a file if >>> the current logon right prevent for it. >>> >>> This is just a breif idea, but theire is a lot more which cannot >>> details all here. >>> >>> Hope it helps s bit >>> Regards >>> serge >>> "Ken Varn" wrote: >>>> I have looked at several books and tutorials on .NET Security and >>>> frankly, I am in a fog on Code Access Security. I don't get it. >>>> Could someone please explain the need for CAS and some practical >>>> examples of why and when it is necessary to implement it? >>>> >>>> -- >>>> ----------------------------------- >>>> Ken Varn >>>> Senior Software Engineer >>>> Diebold Inc. >>>> EmailID = varnk >>>> Domain = Diebold.com >>>> -----------------------------------
[quoted text, click to view]
"Ken Varn" wrote: > I have looked at several books and tutorials on .NET Security and frankly, I > am in a fog on Code Access Security. I don't get it. Could someone please > explain the need for CAS and some practical examples of why and when it is > necessary to implement it? > Hi Ken, I've been recently having to delve into CAs issues. I believe, in my only recently and quickly acquired knowledge, that security access in .NET is now issued by means of what is known as 'Code Access security'. In other words, in your .NET developed assemblies there will likely be 'parts of the code' which require Security Permissions to operate. In other words, you could have a Windows Form app which resides on a network share, one function in the app may write a file to the share, thus requiring FileIO functionality, if this permission (FileIO Permission) hasnt been granted to the assembly, then a security exception will be raised, i.e. 'a part of the code just tried to do something it wasnt allowed to do i.e write a file to the network. I find the main problem with this heightened security (although it is there to protect us of course) is to choose the best way in which to apply the policies. Something which I intend to ask about in a post in a second or two... HTH in some ways, David
Ken
I too was lost until I found this MSDN webcast by Juval Lowy. http://msdn.microsoft.com/security/understanding/webcasts/default.aspx I remember someone at MS UK, a couple of years ago during a seminar on ASP.NET security, mentioning CAS was one of the least under stood parts of ..NET. Once you get the concepts it's pretty straightforward. HTH Glenn [quoted text, click to view] "Ken Varn" <nospam> wrote in message news:uPj88296GHA.660@TK2MSFTNGP03.phx.gbl... >I have looked at several books and tutorials on .NET Security and frankly, >I > am in a fog on Code Access Security. I don't get it. Could someone > please > explain the need for CAS and some practical examples of why and when it is > necessary to implement it? > > > > > -- > ----------------------------------- > Ken Varn > Senior Software Engineer > Diebold Inc. > > EmailID = varnk > Domain = Diebold.com > ----------------------------------- > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |