Thanks for the information, this looks interesting...
>>It's hackable via the Reflection libraries. See [1] for an example of
this. To prevent callers from being able to modify your privates, you
need to add the following:
[assembly: ReflectionPermission(SecurityAction.RequestRefuse, Flags =
R
On Mon, 22 Apr 2002 15:11:07 -0400, Brian G. Vallelunga
<[EMAIL PROTECTED]> wrote:
>Curious say that each method checked a class-wide global variable to
>see if it could run. Now, this global variable would be set to true, if
>the user had successfully authenticated himself.
>
>Even with ILDa
> Curious say that each method checked a class-wide global
> variable to see if it could run. Now, this global variable
> would be set to true, if the user had successfully
> authenticated himself.
>
> Even with ILDasm, there wouldn't be anyway to change the
> value of the variable at all, as
I wrote:
> Mark your assemblies with the
> StrongNameIdentityPermissionAttribute using
> SecurityAction.LinkDemand and your public key.
Ooops! SecurityAction.LinkDemand is at the method level. Use
SecurityAction.RequestMinimum instead if you're going to mark the whole
assembly with the attribute
Joe Reich [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 3:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Howto secure class libraries
That's why I said keep honest people honest. I maintain that 99% of
users don't even bother, and 90% of that last 01% will give up when they
see
hing else...so nevermind.
> -Original Message-
> From: Jason Bock [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 22, 2002 2:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [DOTNET] Howto secure class libraries
>
> >On Mon, 22 Apr 2002 14:26:15 -0400, Joe Reich
> &g
Peter Meinl [mailto:[EMAIL PROTECTED]] wrote:
> We want to ensure that our DLLs on client PCs can only be
> called by our EXE.
Mark your assemblies with the StrongNameIdentityPermissionAttribute using
SecurityAction.LinkDemand and your public key. Then just sign your EXE(s)
with the same key. As
Check out the StrongNameIdentityPermission sample at
http://www.develop.com/devresources/default.aspx
Dan
-Original Message-
From: Peter Meinl [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 2:21 PM
To: [EMAIL PROTECTED]
Subject: [DOTNET] Howto secure class libraries
We want
On Mon, 22 Apr 2002 14:26:15 -0400, Joe Reich <[EMAIL PROTECTED]> wrote:
>Create each class with a password as part of the constructor?
>
>Really you're only trying to keep the honest people honest here right?
>How super effective does this have to be..?
That's too easy to break via ILDasm (assu
, 2002 2:21 PM
> To: [EMAIL PROTECTED]
> Subject: [DOTNET] Howto secure class libraries
>
>
> We want to ensure that our DLLs on client PCs
> can only be called by our EXE.
>
> We must protect these DLLs because they access
> WebServices (we plan to use certificate m
We want to ensure that our DLLs on client PCs can only be called by our
EXE.
We must protect these DLLs because they access WebServices (we plan to use
certificate mapping and create the certificate using
X509Certificate.CreateFromSignedFile("MyDll.dll")) and an SQL Server (we
hardcode uer/pwd or
11 matches
Mail list logo
