Now the security has a trend to become more and more important in our daily work, hence I did some researches on some of the topics, and hope to do more fooling around in the future.

In CLR v1.x, there is a concept of identity permission, where we can use for example StrongNameIdentityPermission class to restrict calling permissions.

In CLR v2.0, it introduces CAS so that identity permission get bypassed. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust.

In CLR v4.0, the security model changes again, some security policy has been eliminated from CAS, for more information please visit: http://msdn.microsoft.com/en-us/library/vstudio/dd233103(v=vs.100).aspx and http://msdn.microsoft.com/en-us/magazine/ee677170.aspx

Now within the new model, how can we secure our assembly from mal-calling?

One of my proposals would be to use InternalsVisibleTo attribute: http://msdn.microsoft.com/en-us/library/bb385840.aspx

And I've seen it has typically been used in some test solution: http://www.cnblogs.com/lmule/archive/2010/08/15/1800227.html

This can be applied if the most concern is at compilation.

If you have more concern in runtime, you may consider doing the authorization logic in the source code such as checking caller's publickey.

However, there is no absolute to avoid ALL attempts of determined developers, they can always find a way, but the difference is easier or harder.

How to make your assembly more secure from referencing by unauthorized bits的更多相关文章

  1. celery 快速入门教程 celery 定时器

    当然首先得安装celery和rabbitmq-server,如果有redis需要安装redis 安装Redis $ yum install redis 启动 Redis $redis-server 检 ...

  2. 在tornado中使用celery实现异步任务处理之中的一个

    一.简单介绍 tornado-celery是用于Tornado web框架的非堵塞 celeryclient. 通过tornado-celery能够将耗时任务增加到任务队列中处理, 在celery中创 ...

  3. 初识Celery

    本系列文章的开发环境: window + python2. + pycharm5 + celery3.1.25 + django1.9.4 在我们日常的开发工作中,经常会遇到这几种情况: 1.在web ...

  4. celery的安装和使用

    celery是python开发的分布式任务调度模块,接口简单,开发容易,五分钟就写出一个异步发送邮件的服务,celery本身不含消息服务,它使用第三方消息服务来传递任务,目前,celery支持的消息服 ...

  5. 转 Celery 使用

    http://www.mamicode.com/info-detail-1798782.html https://blog.csdn.net/lu1005287365/article/details/ ...

  6. 为C# as 类型转换及Assembly.LoadFrom埋坑!

    背景: 不久前,我发布了一个调试工具:发布:.NET开发人员必备的可视化调试工具(你值的拥有) 效果是这样的: 之后,有小部分用户反映,工具用不了(没反应或有异常)~~~ 然后,建议小部分用户换个电脑 ...

  7. ASP.NET Core: You must add a reference to assembly mscorlib, version=4.0.0.0

    ASP.NET Core 引用外部程序包的时候,有时会出现下面的错误: The type 'Object' is defined in an assembly that is not referenc ...

  8. Critical: Update Your Windows Secure Channel (cve-2014-6321,MS14-066)

    前言:风雨欲来山满楼,下半年开始各种凶猛的漏洞层出不穷,天下已经不太平,互联网已经进入一个新的台阶 0x01 cve-2014-6321 11月的补丁月,微软请windows的用户吃了顿大餐,发布了1 ...

  9. An error occurred during the installation of assembly 'Microsoft.VC90.CRT……的问题

    有一段时间没有用到AnkhSvn了,今天工作需要安装了一下.结果安装到一半就无法继续了,提示An error occurred during the installation of assembly ...

随机推荐

  1. PHP 图片上传工具类(支持多文件上传)

    ====================ImageUploadTool======================== <?php class ImageUploadTool { private ...

  2. 键盘按钮keyCode大全

    字母和数字键的键码值(keyCode) 按键 键码 按键 键码 按键 键码 按键 键码 A 65 J 74 S 83 1 49 B 66 K 75 T 84 2 50 C 67 L 76 U 85 3 ...

  3. C#操作access和SQL server数据库代码实例

    在C#的学习中,操作数据库是比较常用的技术,而access和sql server 数据库的操作却有着不同.那么,有哪些不同呢? 首先,需要引用不同的类.因为有着不同的数据引擎. access:usin ...

  4. 去除html的&nbsp;标签

    // 去除html的 标签 String str = "  2016-09-02"; if (str.indexOf("\u00A0") != -1) { st ...

  5. 终于遇到app不兼容,你遇到了么?

    题记: 如果支付宝和QQ不兼容,要二选一,你会怎么选择? 首先了解一下背景: 笔者最近发现,微众银行的app升级到1.7.4, 而患有轻度强迫症的人是迫不及待的点了升级. 第一次,居然安装包安装不成功 ...

  6. CentOS7 睡眠 休眠 关机 电源

    设置装有 CentOS7 的笔记本合盖后黑屏进入睡眠模式 systemd 能够处理某些电源相关的 ACPI事件,你可以通过从 /etc/systemd/logind.conf 以下选项进行配置: Ha ...

  7. 基于SSM的租赁管理系统1.0_20161225_框架搭建

    搭建SSM底层框架 1. 利用mybatis反向工程generatorSqlmapCustom完成对数据库十表的映射 generatorConfig.xml <?xml version=&quo ...

  8. 2. Add Two Numbers——Python

    题目: You are given two linked lists representing two non-negative numbers. The digits are stored in r ...

  9. quickSort算法导论版实现

    本文主要实践一下算法导论上的快排算法,活动活动. 伪代码图来源于 http://www.cnblogs.com/dongkuo/p/4827281.html // imp the quicksort ...

  10. [Android Pro] Android异步任务处理之AsyncTaskLoader的使用

    reference to : http://blog.csdn.net/happy_horse/article/details/51518280 最近项目中涉及到加载本地的地名.db文件,数据量大,自 ...