Now the security has a trend to become more and more important in our daily work, hence I did some researches on some of the topics, and hope to do more fooling around in the future.

In CLR v1.x, there is a concept of identity permission, where we can use for example StrongNameIdentityPermission class to restrict calling permissions.

In CLR v2.0, it introduces CAS so that identity permission get bypassed. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust.

In CLR v4.0, the security model changes again, some security policy has been eliminated from CAS, for more information please visit: http://msdn.microsoft.com/en-us/library/vstudio/dd233103(v=vs.100).aspx and http://msdn.microsoft.com/en-us/magazine/ee677170.aspx

Now within the new model, how can we secure our assembly from mal-calling?

One of my proposals would be to use InternalsVisibleTo attribute: http://msdn.microsoft.com/en-us/library/bb385840.aspx

And I've seen it has typically been used in some test solution: http://www.cnblogs.com/lmule/archive/2010/08/15/1800227.html

This can be applied if the most concern is at compilation.

If you have more concern in runtime, you may consider doing the authorization logic in the source code such as checking caller's publickey.

However, there is no absolute to avoid ALL attempts of determined developers, they can always find a way, but the difference is easier or harder.

How to make your assembly more secure from referencing by unauthorized bits的更多相关文章

  1. celery 快速入门教程 celery 定时器

    当然首先得安装celery和rabbitmq-server,如果有redis需要安装redis 安装Redis $ yum install redis 启动 Redis $redis-server 检 ...

  2. 在tornado中使用celery实现异步任务处理之中的一个

    一.简单介绍 tornado-celery是用于Tornado web框架的非堵塞 celeryclient. 通过tornado-celery能够将耗时任务增加到任务队列中处理, 在celery中创 ...

  3. 初识Celery

    本系列文章的开发环境: window + python2. + pycharm5 + celery3.1.25 + django1.9.4 在我们日常的开发工作中,经常会遇到这几种情况: 1.在web ...

  4. celery的安装和使用

    celery是python开发的分布式任务调度模块,接口简单,开发容易,五分钟就写出一个异步发送邮件的服务,celery本身不含消息服务,它使用第三方消息服务来传递任务,目前,celery支持的消息服 ...

  5. 转 Celery 使用

    http://www.mamicode.com/info-detail-1798782.html https://blog.csdn.net/lu1005287365/article/details/ ...

  6. 为C# as 类型转换及Assembly.LoadFrom埋坑!

    背景: 不久前,我发布了一个调试工具:发布:.NET开发人员必备的可视化调试工具(你值的拥有) 效果是这样的: 之后,有小部分用户反映,工具用不了(没反应或有异常)~~~ 然后,建议小部分用户换个电脑 ...

  7. ASP.NET Core: You must add a reference to assembly mscorlib, version=4.0.0.0

    ASP.NET Core 引用外部程序包的时候,有时会出现下面的错误: The type 'Object' is defined in an assembly that is not referenc ...

  8. Critical: Update Your Windows Secure Channel (cve-2014-6321,MS14-066)

    前言:风雨欲来山满楼,下半年开始各种凶猛的漏洞层出不穷,天下已经不太平,互联网已经进入一个新的台阶 0x01 cve-2014-6321 11月的补丁月,微软请windows的用户吃了顿大餐,发布了1 ...

  9. An error occurred during the installation of assembly 'Microsoft.VC90.CRT……的问题

    有一段时间没有用到AnkhSvn了,今天工作需要安装了一下.结果安装到一半就无法继续了,提示An error occurred during the installation of assembly ...

随机推荐

  1. C++指针参数引用

    粘个代码占位置,以后有时间把指针函数,函数指针都补上 #include <iostream> using namespace std; void freePtr1(int* p1){ /* ...

  2. mapReduce的shuffle过程

    http://www.jianshu.com/p/c97ff0ab5f49 总结shuffle 过程: map端的shuffle: (1)map端产生数据,放入内存buffer中: (2)buffer ...

  3. mysql load data 乱码

    解决方案: http://stackoverflow.com/questions/26256421/sql-load-data-infile-utf8-issue 即: load data local ...

  4. ThinkPHP学习总结

    ThinkPHP学习总结 网站开发使用的thinkPHP5.0在此总结备查 MVC关系功能图 一.Thinkphp开发规范 l 类 类库.函数文件统一以.php为后缀: 类的文件名均以命名空间定义,并 ...

  5. 把包发布到npm官网

    一.包 包就是多模块的集合,CommonJS的包规范给程序员提供了组织模块的标准,减少沟通成本. 规范: 所有的模块放在demo文件夹下(包名)的lib文件夹里面 在lib文件夹的同级目录下新建ind ...

  6. 从APP跳转到WI-FI

    之前以为,苹果不支持直接从应用跳到系统设置里的WiFi界面.后来发现,这个小功能是可以实现的,而且实现起来并不麻烦.让我们一起来看看吧! 需求 从应用跳到系统设置里的WiFi界面有这个需求存在吗?答案 ...

  7. 解决虚拟机中使用ntpdate报错:ntpdate[46700]: no server suitable for synchronization found

    在使用ntpdate同步时间时出现上述错误: ntpdate[46700]: no server suitable for synchronization found 没有找到好的解决方案,只能换另外 ...

  8. 微信小程序资料

    作者:初雪链接:https://www.zhihu.com/question/50907897/answer/128494332来源:知乎著作权归作者所有,转载请联系作者获得授权. 1:下载开发者工具 ...

  9. ionic build Android错误记录未解决

    1.try itcordova -v cordova create testing cd testing cordova plugin add cordova-plugin-sim cordova p ...

  10. CSS中使用text-transform实现首字母大写

    CSS中首字母大写怎么实现?日常生活中需求方对英文的要求比较多,有的时候需要让英文单词或拼音首个字母大写;有的时候需要让全文中英文单词全大写或小写.这时候我们就需要text-transform属性了. ...