Now the security has a trend to become more and more important in our daily work, hence I did some researches on some of the topics, and hope to do more fooling around in the future.

In CLR v1.x, there is a concept of identity permission, where we can use for example StrongNameIdentityPermission class to restrict calling permissions.

In CLR v2.0, it introduces CAS so that identity permission get bypassed. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust.

In CLR v4.0, the security model changes again, some security policy has been eliminated from CAS, for more information please visit: http://msdn.microsoft.com/en-us/library/vstudio/dd233103(v=vs.100).aspx and http://msdn.microsoft.com/en-us/magazine/ee677170.aspx

Now within the new model, how can we secure our assembly from mal-calling?

One of my proposals would be to use InternalsVisibleTo attribute: http://msdn.microsoft.com/en-us/library/bb385840.aspx

And I've seen it has typically been used in some test solution: http://www.cnblogs.com/lmule/archive/2010/08/15/1800227.html

This can be applied if the most concern is at compilation.

If you have more concern in runtime, you may consider doing the authorization logic in the source code such as checking caller's publickey.

However, there is no absolute to avoid ALL attempts of determined developers, they can always find a way, but the difference is easier or harder.

How to make your assembly more secure from referencing by unauthorized bits的更多相关文章

  1. celery 快速入门教程 celery 定时器

    当然首先得安装celery和rabbitmq-server,如果有redis需要安装redis 安装Redis $ yum install redis 启动 Redis $redis-server 检 ...

  2. 在tornado中使用celery实现异步任务处理之中的一个

    一.简单介绍 tornado-celery是用于Tornado web框架的非堵塞 celeryclient. 通过tornado-celery能够将耗时任务增加到任务队列中处理, 在celery中创 ...

  3. 初识Celery

    本系列文章的开发环境: window + python2. + pycharm5 + celery3.1.25 + django1.9.4 在我们日常的开发工作中,经常会遇到这几种情况: 1.在web ...

  4. celery的安装和使用

    celery是python开发的分布式任务调度模块,接口简单,开发容易,五分钟就写出一个异步发送邮件的服务,celery本身不含消息服务,它使用第三方消息服务来传递任务,目前,celery支持的消息服 ...

  5. 转 Celery 使用

    http://www.mamicode.com/info-detail-1798782.html https://blog.csdn.net/lu1005287365/article/details/ ...

  6. 为C# as 类型转换及Assembly.LoadFrom埋坑!

    背景: 不久前,我发布了一个调试工具:发布:.NET开发人员必备的可视化调试工具(你值的拥有) 效果是这样的: 之后,有小部分用户反映,工具用不了(没反应或有异常)~~~ 然后,建议小部分用户换个电脑 ...

  7. ASP.NET Core: You must add a reference to assembly mscorlib, version=4.0.0.0

    ASP.NET Core 引用外部程序包的时候,有时会出现下面的错误: The type 'Object' is defined in an assembly that is not referenc ...

  8. Critical: Update Your Windows Secure Channel (cve-2014-6321,MS14-066)

    前言:风雨欲来山满楼,下半年开始各种凶猛的漏洞层出不穷,天下已经不太平,互联网已经进入一个新的台阶 0x01 cve-2014-6321 11月的补丁月,微软请windows的用户吃了顿大餐,发布了1 ...

  9. An error occurred during the installation of assembly 'Microsoft.VC90.CRT……的问题

    有一段时间没有用到AnkhSvn了,今天工作需要安装了一下.结果安装到一半就无法继续了,提示An error occurred during the installation of assembly ...

随机推荐

  1. 已安装php 编译安装 gd库拓展模块

    参考资料:http://wenku.baidu.com/link?url=EgXFShYxeJOZSYNQ_7RCBC-6X8OcRRCqVm4qCv49uBk57d6vLBoUpfYdQ-KqJRs ...

  2. CSS中不定宽块状元素的水平居中显示

    CSS中不定宽块状元素的水平居中显示 慕课网上的HTML/CSS教程 http://www.imooc.com/view/9 其中有三种方法 第一种是加入table标签 任务是实现div元素的水平居中 ...

  3. python3 -pip

    https://docs.python.org/3/installing/ ===== pip is the preferred installer program. Starting with Py ...

  4. ORACLE发送带附件邮件的二三事之一

    在oracle使用过程中,我们可以通过pl/sql生成数据文件,也可以通过spool on spool off生成,但某些环境下,我们需要通过存储过程处理数据,数据处理完,需要自动生成数据文件,手工导 ...

  5. 常见端口 HTTP代码

    端口号 系统保留了前0到1023端口作为常用的网络服务. 0-1023 公认端口 1024-49151 注册端口 49152-65535 动态或私有端口 1 TCPMUX 主要在SGI Irix机器 ...

  6. 排序map

    1.根据map的值,升序排序 Map<String, Integer> map = new TreeMap<String, Integer>(); map.put(" ...

  7. Sql Server本地高版本备份数据备份至远程低版本数据库方法

    想要将Sqlserver高版本备份的数据还原到低版本SqlServer2008R2上去,但是这在SqlServer中是没法直接还原数据库的,通过以下方法可以顺利还原. 通过高版本生成sql脚本在低版本 ...

  8. embed chrome 无法播放问题

    火狐下<embed src='1.mp3' autostart='false' hidden='true' loop='false' ></embed>正常, chrome 不 ...

  9. Dev GridView行拖拽

    http://blog.csdn.net/keyrainie/article/details/8513802 http://www.cnblogs.com/qq4004229/archive/2012 ...

  10. Ubuntu菜鸟入门(八)—— QQ安装

    一.下载 http://www.ubuntukylin.com/application/show.php?lang=cn&id=279 二.安装流程 1.解压,到解压文件夹中运行 sudo d ...