Code-Access Security

By now, unless you've been living under a rock in Mongolia, or you haven't come to our site for developer tips, you've probably heard about a new programming language called C# (pronounced: C Sharp). C# is a simple, object-oriented language attempting to combine the ease of Visual Basic with the power of C++.

Whether Microsoft can garner crucial developer interest for its new language remains to be seen, but if you're curious about C#, keep reading for a free way to learn more.

The first book we know of on this subject is by Christoph Wille. It's Presenting C# (published by Sams Publishing). Chapters 10 through 12 are currently published online on InformIT. Every other week, InformIT will publish three additional chapters of the book. You can whet your appetite with the excerpt below that delves into some of the security provisions of the new language.

~~~~~~~~~~~~~~~~~~

Today, code can come to a user's desk not only via a setup application executed from a company's network server, but also from the Internet via a Web page or an email. Recent experiences have shown that this can be quite dangerous. So how can this threat be answered with .NET?

The .NET solution is code-access security. It controls access to protected resources and operations. Code is trusted to varying degrees, depending on its identity and where it comes from. The amount of code that must be fully trusted is reduced to a minimum.

The following are the most notable functions of code access security:

  • Administrators can define security policies that assign certain permissions to defined groups of code.
  • Code can demand that a caller must have specific permissions.
  • Code execution is restricted by the runtime. Checks are performed that verify the granted permissions of a caller match the required permissions for the operations.
  • Code can request the permissions it requires to run and the permissions that would be useful, as well as explicitly state which permissions it must never have.
  • Permissions are defined that represent certain rights to access various system resources.
  • Code-access security grants permissions when a component is loaded. This granting is based on the requests by the code, as well as the permitted operations defined by the security policy.

From reading this list, you can see that less-trusted code will be prevented from calling highly trusted code because permissions of the less-trusted code are enforced. You will especially like that for Internet scenarios.

The two important points of code-access security are verification of the type safety of managed code, and the permissions that are requested by the code. The minimum requirement for you to benefit from code-access security is to generate type-safe code.
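The request, refuse and demand functions from the list above, as an added C# example that is not taken from the book excerpt. It assumes a .NET Framework version in which code-access security policy is enforced (3.5 or earlier); the `C:\AppData` path and the class names are constructed for illustration.

```csharp
// Added illustration, not code from the book. Assumes the .NET Framework
// code-access security API (System.Security.Permissions), version 3.5 or earlier.
using System;
using System.Security;
using System.Security.Permissions;

// Request: the assembly declares it cannot run without read access here.
// If policy does not grant it, the assembly fails to load.
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\AppData")]
// Refuse: the assembly states it must never be granted registry access,
// even when policy would otherwise allow it.
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]

public static class ReportStore
{
    // Demand: the runtime walks the call stack and checks that every caller
    // above this method was granted write access to the path.
    public static bool CallerMayWrite(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Write, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false; // some caller on the stack lacks the permission
        }
    }
}

public static class Program
{
    public static void Main()
    {
        const string file = @"C:\AppData\report.txt"; // constructed sample path

        // Deny on this frame stands in for a less-trusted caller: the stack
        // walk started by Demand stops here and fails.
        new FileIOPermission(FileIOPermissionAccess.Write, @"C:\AppData").Deny();
        Console.WriteLine("restricted caller may write: {0}", ReportStore.CallerMayWrite(file));

        // With the Deny reverted, the result depends only on what policy granted.
        CodeAccessPermission.RevertDeny();
        Console.WriteLine("unrestricted caller may write: {0}", ReportStore.CallerMayWrite(file));
    }
}
```

Run from the local disk under default policy, the first line reports `False` and the second `True`, because the demand is satisfied only when no frame on the stack lacks or denies the permission.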

--------------------------------------------------
To read chapters 10 through 12 of Presenting C# online, click over to InformIT.com. Registration is required on InformIT, but it's free. Those chapters will only be available through October 1, so click over soon if you are interested.
--------------------------------------------------


This was first published in September 2000
