John, Thanks a lot...I agree pretty much across the board, I appreciate your comments. Have you seen any issues at all?
Jeff Block -----Original Message----- From: Cavnar-Johnson, John [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 8:04 PM To: [EMAIL PROTECTED] Subject: Re: [ADVANCED-DOTNET] .NET Full Trust Policy to single machine Inline > -----Original Message----- > From: Moderated discussion of advanced .NET topics. [mailto:ADVANCED- > [EMAIL PROTECTED] On Behalf Of Block, Jeffrey A. > Sent: Sunday, July 13, 2003 6:29 PM > To: [EMAIL PROTECTED] > > John, > > Are you actively using this? Yes, although usually I trust a share, rather than a whole machine. >If so, could you please share more of your > experiences, if you able, of course? I work in a mostly corporate, >Intranet type environment. So, I have some level of trust and >control. It seems like a good, easy way to deploy applications, but >it seems that this type of > setup is frowned upon, but one I have leveraged in other environments > successfullly. Certainly, if this is a wrong impression, speak up as > well. > I have seen a few Microsoft employees recommend against this approach and favor using a code groups based on strong names. I disagree with the strong name approach for practical reasons. First, very few of the corporate clients I work with have deployed effective public key infrastructures. It is widely viewed as overly complex and bureaucratic, and although I don't entirely agree with that sentiment, it's not a productive battle for an external consultant. On the other hand, almost every company I've worked with has set up file servers with "App" shares where they put apps that have been "blessed" by the corporate system administrators. They have tight controls in place to restrict write access to these shares. It's far easier to explain the "app share" approach than establish the procedures necessary to securely implement code signing. > I was just wondering if some additional "white-paper", (e.g. Winforms > vs. ASP.Net, size of install, transactional, read-only, environment, > etc.) info would help as well as caveats, etc. as to _why_ this is > looked down on from > anyone else. Seems like a lot of people are trying the no-touch > deployement > features with some degree of success, as am I, but it just doesn't seem > right yet. Maybe its just me, but I see a lot posts regarding the > deployment of applications. Microsoft has done a pitiful job of explaining how to use CAS in a real-world work environment. As far as I can tell, they've made almost no attempt to explain it to system administrators. They seem to think that all companies work like Microsoft where the developers are in charge. > > I did some preliminary testing over the weekend it sure seems to > "work" okay, but what's the catch? Always learning and looking for a > better, easier way...thanks for any thoughts! > > Jeff Block > > > ********************************************************************** This message and any attachments are intended for the individual or entity named above. If you are not the intended recipient, please do not forward, copy, print, use or disclose this communication to others; also please notify the sender by replying to this message, and then delete it from your system. The Timken Company **********************************************************************
