Now the security has a trend to become more and more important in our daily work, hence I did some researches on some of the topics, and hope to do more fooling around in the future.

In CLR v1.x, there is a concept of identity permission, where we can use for example StrongNameIdentityPermission class to restrict calling permissions.

In CLR v2.0, it introduces CAS so that identity permission get bypassed. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust.

In CLR v4.0, the security model changes again, some security policy has been eliminated from CAS, for more information please visit: http://msdn.microsoft.com/en-us/library/vstudio/dd233103(v=vs.100).aspx and http://msdn.microsoft.com/en-us/magazine/ee677170.aspx

Now within the new model, how can we secure our assembly from mal-calling?

One of my proposals would be to use InternalsVisibleTo attribute: http://msdn.microsoft.com/en-us/library/bb385840.aspx

And I've seen it has typically been used in some test solution: http://www.cnblogs.com/lmule/archive/2010/08/15/1800227.html

This can be applied if the most concern is at compilation.

If you have more concern in runtime, you may consider doing the authorization logic in the source code such as checking caller's publickey.

However, there is no absolute to avoid ALL attempts of determined developers, they can always find a way, but the difference is easier or harder.

How to make your assembly more secure from referencing by unauthorized bits的更多相关文章

  1. celery 快速入门教程 celery 定时器

    当然首先得安装celery和rabbitmq-server,如果有redis需要安装redis 安装Redis $ yum install redis 启动 Redis $redis-server 检 ...

  2. 在tornado中使用celery实现异步任务处理之中的一个

    一.简单介绍 tornado-celery是用于Tornado web框架的非堵塞 celeryclient. 通过tornado-celery能够将耗时任务增加到任务队列中处理, 在celery中创 ...

  3. 初识Celery

    本系列文章的开发环境: window + python2. + pycharm5 + celery3.1.25 + django1.9.4 在我们日常的开发工作中,经常会遇到这几种情况: 1.在web ...

  4. celery的安装和使用

    celery是python开发的分布式任务调度模块,接口简单,开发容易,五分钟就写出一个异步发送邮件的服务,celery本身不含消息服务,它使用第三方消息服务来传递任务,目前,celery支持的消息服 ...

  5. 转 Celery 使用

    http://www.mamicode.com/info-detail-1798782.html https://blog.csdn.net/lu1005287365/article/details/ ...

  6. 为C# as 类型转换及Assembly.LoadFrom埋坑!

    背景: 不久前,我发布了一个调试工具:发布:.NET开发人员必备的可视化调试工具(你值的拥有) 效果是这样的: 之后,有小部分用户反映,工具用不了(没反应或有异常)~~~ 然后,建议小部分用户换个电脑 ...

  7. ASP.NET Core: You must add a reference to assembly mscorlib, version=4.0.0.0

    ASP.NET Core 引用外部程序包的时候,有时会出现下面的错误: The type 'Object' is defined in an assembly that is not referenc ...

  8. Critical: Update Your Windows Secure Channel (cve-2014-6321,MS14-066)

    前言:风雨欲来山满楼,下半年开始各种凶猛的漏洞层出不穷,天下已经不太平,互联网已经进入一个新的台阶 0x01 cve-2014-6321 11月的补丁月,微软请windows的用户吃了顿大餐,发布了1 ...

  9. An error occurred during the installation of assembly 'Microsoft.VC90.CRT……的问题

    有一段时间没有用到AnkhSvn了,今天工作需要安装了一下.结果安装到一半就无法继续了,提示An error occurred during the installation of assembly ...

随机推荐

  1. C++指针参数引用

    粘个代码占位置,以后有时间把指针函数,函数指针都补上 #include <iostream> using namespace std; void freePtr1(int* p1){ /* ...

  2. Spring mvc时间格式处理

    spring mvc中,如果时间格式是yyyy-MM-dd,传入后台会报错,要增加一些配置才可以. 1.修改spring-mvc.xml,增加org.springframework.format.su ...

  3. Yii 1开发日记 -- 后台搜索功能下拉及关联表搜索

    Yii 1 实现后台搜索,效果如下: 一. 下拉搜索: 1.模型中和常规的一样 if (isset($_GET['agency']['status']) && $_GET['agenc ...

  4. Java笔记:修饰符

    Synchronized 修饰符 Synchronized 关键字声明的方法同一时间只能被一个线程访问.Synchronized 修饰符可以应用于四个访问修饰符. 实例 public synchron ...

  5. rem、px、em之间的区别以及网页响应式设计写法

    个人收藏用,转载自:http://www.w3cplus.com/css3/define-font-size-with-css3-rem 在Web中使用什么单位来定义页面的字体大小,至今天为止都还在激 ...

  6. JS中定义对象原型的两种使用方法

    第一种: function Person() { this.username = new Array(); this.password = "123"; } Person.prot ...

  7. ftp org.apache.commons.net.ftp.FTPClient 判断文件是否存在

    String path = "/SJPT/ONPUT/HMD_TEST/" ; FtpTool.getFTPClient().changeWorkingDirectory(path ...

  8. 【笔记】读取properties文件

    package com.bshinfo.el.userInfo.util; import java.io.BufferedReader; import java.io.File; import jav ...

  9. 【转】Js获取当前日期时间及格式化操作

    (转自:http://www.cnblogs.com/qinpengming/archive/2012/12/03/2800002.html) var myDate = new Date(); myD ...

  10. 3.1 AngularJS必备知识

    AngularJS是一个WEB应用框架. 本节我们会学习控制器(控制数据),会学习作用域(连接控制器和用户界面),用户界面又叫做视图,通过模板和作用域来创建交互视觉效果.另外,我们还会学习其他的特性比 ...