Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / CLR / July 2004

Tip: Looking for answers? Try searching our database.

Do I trust the implementation ?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
hugo batista - 27 Jul 2004 20:10 GMT
Hi
I have a factory pattern that gives me an instance of an implementation that
is not a well known. All I know is the interface, and I read the final
implementation somewhere from my configuration. This is great for plug-ins,
where you can have your code completely independent of the final
implementation.

But now. I don't want so much flexibility. I want to call the
implementation, IF it respects some security concerns, like, for example, if
it is signed for some publisher, or having some public key. How to do this ?
I want something near the linkdemand but at the reverse side. It's not the
called object certifying the caller, but the caller certifying the called
object.

To get things worst, I need this to work with remote server activated
objects, using, for example, a
RemotingServices.Connect(Type.GetType(mytypefullname),myobjectUri)
statement.

No clue. I'm lost. Does someone knows how to do this at .NET Framework 1.1 ?

The ideal situation would be to start something like a Security Context
object, where I define that during some stack calls, I want that all my
instantiated objects respect some evidence rules.

Any help ?

Signature

Hugo Batista

Check out the latest free version of
DotNet eXtended Framework
http://www.dotnetx.org

Reply to this Message
Sunny - 27 Jul 2004 23:14 GMT
Hmmm,

I can not understand you completely. You do not trust the server. So,
you want from the client to check if the server is trustworthy? And you
have no control over the server?

I do not see how you are going to achieve this. If I create a malicious
server, and I want to fool your client, I can return on every call
whatever your client needs, so it will be satisfied.

Err, no exactly. I can think about a public/private key pair. You
distribute the public key with the client, and keep the private with
your servers. On the client, you create a client channels sync, which
encrypts all outgoing messages with the public key. Then, if the server
does not has a private key to decrypt the message, the call will fail,
and your client will know that this server is not the right one.

Sunny

> Hi
> I have a factory pattern that gives me an instance of an implementation that
[quoted text clipped - 22 lines]
>
> Any help ?
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.