 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / CLR / May 2007Security when Hosting CLR
I think I asked a similar question previously, but I can no longer find the post. My company is trying to use the .Net framework with some unhelpful customers. Some refuse to install the .Net framework, and others lock down security to the point where there is no point in having it installed. These are large, security sensitive customers who for some reason think .Net is insecure. They want to be able to deploy my app on a network for non-admin access. Anyway, I have two questions. One, can the .Net framework be deployed to a machine embedded without 'installing' it to the machine? Something in the spirit of isolated-COM or side-by-side deployment? Basically, I could just deploy the .Net framework for my app (not the dotnetfx redistributable). This would be the best solution. If this is not possible, I investigated hosting the .Net runtime. I've looked at implementing my own HostSecurityManager. My question is, is there anyway I can completely override the Enterpise/Machine/User CAS settings if I am hosting the runtime? For example, the Enterprise may have the entire framework locked down. Since my app is unmanaged, can't I somehow at least give the managed parts of my app the same access to the machine that I have in unmanaged code? What I want to do is possible with unmanaged code. And I know it is possible in some ways with managed code, but I am working against unfriendly IT departments, so the normal solutions will not work. Thanks. You could install .net framework on an VM image (Virtual Machine) and users could remotely login to this machine and use the app. By the way, if you compare .net security to windows security, it's pretty much clear which is more secure in the long run. If not a technical issue, this is probably a matter of educating and training customers. HTH I am educating, but it may take time. As for the VM image, this is not an option as the application is performance sensitive. Thanks, Jonathan http://www.remotesoft.com/linker/index.html dunno of anything else. the guy behind it is interviewed here http://www.dotnetrocks.com/default.aspx?showNum=0194 hths >I am educating, but it may take time. As for the VM image, this is not an > option as the application is performance sensitive. > > Thanks, > Jonathan > You could install .net framework on an VM image (Virtual Machine) and > users > could remotely login to this machine and use the app. By the way, if you > compare .net security to windows security, it's pretty much clear which is > more secure in the long run. If not a technical issue, this is probably a I hope you mean that Windows security is more secure? Because no platform is more secure than the blocks it is built on. > matter of educating and training customers. > > HTH AFAIK, there is no known pure (100% managed) .NET exploits around. That makes me ask the question "What do you trust then?". SQL has exploits, Oracle has exploits, DB/2, Windows too (!), XBox... Even Java has some. Maybe only mainframes are out of the list, for now. And they use those products? Anyway.. just my curiosity. For your problem. You might get away of enterprise policy if everything goes well with HostSecurityManager by mapping custom zones: http://blogs.msdn.com/shawnfa/archive/2006/05/18/598210.aspx I'm not an expert of caspol by any means, so I cannot say if it will do or is enough, but maybe the link can give some pointers. >I think I asked a similar question previously, but I can no longer find the > post. My company is trying to use the .Net framework with some unhelpful [quoted text clipped - 29 lines] > > Thanks.
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.