Welcome to MSDN Blogs Sign in | Join | Help

September 2005 - Posts

Monday, September 26, 2005 8:38 AM

Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0

The MSDN Magazine site just put up my article, Do You Trust It? Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0 , as a preview of their November security issue . In the article I cover various techniques for safely
Posted by shawnfa | 10 Comments
Filed under:
Wednesday, September 21, 2005 10:20 AM

Transparency and Member Visibility

Before PDC we were talking a bit about security transparency, namely what it is and how to use it . We learned the restrictions placed on transparent code which prevents it from elevating the permissions of the call stack, namely: Transparent code cannot
Posted by shawnfa | 0 Comments
Filed under:
Friday, September 16, 2005 12:01 PM

Using Add-Ins with a ClickOnce Deployed Application

One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating it's privileges beyond the Internet zone [fan-tastic :-)]. The
Posted by shawnfa | 5 Comments
Filed under:
Wednesday, September 14, 2005 5:48 PM

RequestOptional Removes Permissions

Another interesting question arose today. An assembly was granted FullTrust by policy, which was confirmed by CasPol. Yet it was being prevented from calling code in non-APTCA assemblies. Turns out that the code in question had an assembly level RequestOptional.
Posted by shawnfa | 1 Comments
Filed under:
Wednesday, September 14, 2005 1:13 PM

Creating Partial Trust Directories

Last night at the Writing Partial Trust Code BoF, someone was wondering if they could create a sort of download sandbox on their machine. The problem that we're trying to solve is to be able to save code to the local machine from the browser instead of
Posted by shawnfa | 2 Comments
Filed under:
Tuesday, September 13, 2005 8:33 PM

PDC '05: Quote of the Day

The day's winding down now, and I'm getting ready to head to Keith's BoF's Writing Secure Code and Writing Partially Trusted Code. Before taking off, here's the quote of the day from PDC: "The two things that are helping .NET really take off are the blogs
Posted by shawnfa | 1 Comments
Tuesday, September 13, 2005 1:01 PM

PDC '05: Lunch with Apple

Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no physical laws would be violated by having Apple and Microsoft so close together, and than fully there was no matter-antimatter reaction :-). They were
Posted by shawnfa | 1 Comments
Filed under:
Monday, September 12, 2005 3:29 PM

PDC '05: Let There Be Light

After spending the beginning of the morning in the Fundamentals Lounge, I went up to see Keith during the intermission of his Art of Secure Coding and to let him know that Mike and I would swing by his BOF's tomorrow . Afterwords, we grabbed some lunch,
Posted by shawnfa | 0 Comments
Friday, September 09, 2005 1:58 PM

PDC '05: Developer Powered

I'll be heading down to Los Angeles this Sunday to take part in my first PDC. I'm going to spend most of my time in the Fundamentals Track Lounge. I'll also be celebrating my birthday at the Ask the Experts on Thursday from 6:30-9:00 (and hopefully celebrating
Posted by shawnfa | 0 Comments
Filed under:
Friday, September 09, 2005 9:40 AM

Marking Your Code Transparent

Last week I discussed the concepts of security transparency and security critical code. Now it's time to get into the how-to's Marking an Entire Assembly Critical This is by far the easiest of the operations ... just do nothing [:D]. By default, all assemblies
Posted by shawnfa | 8 Comments
Filed under:
Friday, September 02, 2005 2:02 PM

IronPython + MDbg = good times

Mike Stall recently completed a project to embed IronPython into the MDbg debugger as an MDbg extension. IronPython's hosting interface is pretty slick, in fact it took Mike only 10 steps to get IronPython running inside MDbg and expose the debugger functionality
Posted by shawnfa | 3 Comments
Filed under:
 
Page view tracker