In 4.0 instead of CodeGroup, PermissionSet, Evidence... few new concept has introduced,
One of the challenges with CAS was, the user had to do all the configuration before he start to use a assembly, which was really exhausting. Hence the new concepts Level 2 Security Transparent Model came into that place.
.Net 4.0 introduces 3 new concepts
1. Security Transparent Codes
2. Security Critical Codes
3. Security Safe Critical Codes
Security Transparent Code - This is most insecure code, Eg: it could be a third party assembly
Security Critical Code - This could be the most secure code, Eg the assembly that we developed our self.
Security Safe Critical Code - This is the code that is acting as a bridge between Security Transparent and Security Safe code.
The is one more wonderful concept in place for .Net 4.0 named SandBoxing.
If you need to use some code that you can not trust a lot (i.e Security Transparent Code) then you will create a separate permission set and create another AppDomain just for that assembly, Hence, that assembly will be able to run / access the resource with in that app domain. That way the application will be safe.
Nice detailed article here
Posts
No comments:
Post a Comment