Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / January 2006

Tip: Looking for answers? Try searching our database.

use CAS demand or not?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Secret Squirrel - 19 Jan 2006 21:21 GMT
Hi,

If CAS policy is setup to deny an assembly ANC the permission
FileIOPermission, then if the assembly attempts to do File IO, the .NET
FW assembly that handles file IO should catch it, right? It shouldn't
be necesarry to put a check for FileIOPermission in the assembly
itself, and would seem to degrade performance because the check is
already going to be done further down the call stack, but the .NET FW
assembly. Plus any assembly wanting to do naughty file IO would just
skip its own demand anyway?

Or is it better to be  explicit about what permissions an assembly
needs, and put an attribute in the assembly to show it does a demand on
FileIOPermission? (even though it's redundent).

Thanks,

Jon Paugh
Reply to this Message
Nicole Calinoiu - 20 Jan 2006 14:34 GMT
> Hi,
>
> If CAS policy is setup to deny an assembly ANC the permission
> FileIOPermission, then if the assembly attempts to do File IO, the .NET
> FW assembly that handles file IO should catch it, right?

Yes, as long as the calls go through framework code paths that demand
FileIOPermission.

>  It shouldn't
> be necesarry to put a check for FileIOPermission in the assembly
> itself,

Not if there's already a "downstream" demand.

> and would seem to degrade performance because the check is
> already going to be done further down the call stack, but the .NET FW
[quoted text clipped - 4 lines]
> needs, and put an attribute in the assembly to show it does a demand on
> FileIOPermission? (even though it's redundent).

There's really no need to duplicate permission demands in this way.  If you
want to communicate your assembly's minimum required permission set,
consider using assembly-level RequestMinimum permission attributes instead.

In general, one only makes CAS permission demands in code that makes
assertions and/or defines or extends a resource that requires protection.
In practice, most of the latter also make assertions (usually for permission
to call into unmanaged code), so most projects aren't likely to need
permission demands that aren't coupled with assertions.  Then again, since
most projects shouldn't need assertions, they probably shouldn't need any
explicit demands for CAS permissions either... ;)
Reply to this Message
Secret Squirrel - 20 Jan 2006 21:12 GMT
Thanks for the response Nicole.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.