Well, there is the issue that this can be subverted by replacing the lmhost or host file on a client pc, but I think that is an easily manageable risk.
> -----Original Message----- > From: Moderated discussion of advanced .NET topics. [mailto:ADVANCED- > [EMAIL PROTECTED] On Behalf Of Block, Jeffrey A. > Sent: Tuesday, July 15, 2003 3:20 AM > To: [EMAIL PROTECTED] > > John, > > Thanks a lot...I agree pretty much across the board, I appreciate your > comments. Have you seen any issues at all? > > Jeff Block > > > > -----Original Message----- > From: Cavnar-Johnson, John [mailto:[EMAIL PROTECTED] > Sent: Monday, July 14, 2003 8:04 PM > To: [EMAIL PROTECTED] > Subject: Re: [ADVANCED-DOTNET] .NET Full Trust Policy to single machine > > > Inline > > > -----Original Message----- > > From: Moderated discussion of advanced .NET topics. [mailto:ADVANCED- > > [EMAIL PROTECTED] On Behalf Of Block, Jeffrey A. > > Sent: Sunday, July 13, 2003 6:29 PM > > To: [EMAIL PROTECTED] > > > > John, > > > > Are you actively using this? > > Yes, although usually I trust a share, rather than a whole machine. > > >If so, could you please share more of your > > experiences, if you able, of course? I work in a mostly corporate, > >Intranet type environment. So, I have some level of trust and > >control. It seems like a good, easy way to deploy applications, but > >it seems that this type of > > setup is frowned upon, but one I have leveraged in other environments > > successfullly. Certainly, if this is a wrong impression, speak up as > > well. > > > > I have seen a few Microsoft employees recommend against this approach and > favor using a code groups based on strong names. I disagree with the > strong > name approach for practical reasons. First, very few of the corporate > clients I work with have deployed effective public key infrastructures. It > is widely viewed as overly complex and bureaucratic, and although I don't > entirely agree with that sentiment, it's not a productive battle for an > external consultant. On the other hand, almost every company I've worked > with has set up file servers with "App" shares where they put apps that > have > been "blessed" by the corporate system administrators. They have tight > controls in place to restrict write access to these shares. It's far > easier > to explain the "app share" approach than establish the procedures > necessary > to securely implement code signing. > > > I was just wondering if some additional "white-paper", (e.g. Winforms > > vs. ASP.Net, size of install, transactional, read-only, environment, > > etc.) info would help as well as caveats, etc. as to _why_ this is > > looked down on from > > anyone else. Seems like a lot of people are trying the no-touch > > deployement > > features with some degree of success, as am I, but it just doesn't seem > > right yet. Maybe its just me, but I see a lot posts regarding the > > deployment of applications. > > Microsoft has done a pitiful job of explaining how to use CAS in a > real-world work environment. As far as I can tell, they've made almost no > attempt to explain it to system administrators. They seem to think that > all > companies work like Microsoft where the developers are in charge. > > > > > I did some preliminary testing over the weekend it sure seems to > > "work" okay, but what's the catch? Always learning and looking for a > > better, easier way...thanks for any thoughts! > > > > Jeff Block > > > > > > > > > ********************************************************************** > This message and any attachments are intended for the > individual or entity named above. If you are not the intended > recipient, please do not forward, copy, print, use or disclose this > communication to others; also please notify the sender by > replying to this message, and then delete it from your system. > > The Timken Company > **********************************************************************
