
Browse by Tags

CryptoConfig

The crypto config schema has been a bit of a hot topic around here lately, specifically around how to modify the CLR's machine.config to get custom crypto types registered with CryptoConfig. Let's take a quick look at what CryptoConfig is first, and then
Posted by shawnfa | 0 Comments

Using RSACryptoServiceProvider for RSA-SHA256 signatures

Earlier this month, we released .NET 3.5 SP 1. One of the new features available in this update is that RSACryptoServiceProvider has gained the ability to create and verify RSA-SHA256 signatures. Since RSACryptoServiceProvider relies on the underlying
Posted by shawnfa | 0 Comments

CLR Security Team CodePlex Site

The CLR Security Team just launched our CodePlex site: http://www.codeplex.com/clrsecurity. Currently, it contains two assemblies that provide additional functionality to the security APIs shipped in v3.5 of the .NET Framework. We'd love your feedback
Posted by shawnfa | 0 Comments

Dr. Dobbs Looks at Silverlight Security

Dino Esposito has an article in the March Dr. Dobb's Journal taking a look at the Silverlight platform from a security perspective: The Silverlight 2.0 Security Model. The second half in particular boils down some of the details of the transparency
Posted by shawnfa | 0 Comments

Strong Name Bypass

Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted
Posted by shawnfa | 0 Comments

FullTrust on the LocalIntranet

We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will
Posted by shawnfa | 0 Comments

Disabling the FIPS Algorithm Check

.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException
Posted by shawnfa | 0 Comments

CAS and Native Code

CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more
Posted by shawnfa | 0 Comments

Which Groups Does WindowsIdentity.Groups Return?

WindowsIdentity exposes a Groups property which returns a collection of IdentityReferences for the groups that a particular user is a member of. However, if you look closely, you'll find that these returned groups won't necessarily include all of the
Posted by shawnfa | 0 Comments

Manifested Controls Redux

Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks
Posted by shawnfa | 0 Comments

Attachment(s): ManifestControl.zip

Transparency as Least Privilege

In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least privilege. The tool I like to use for least privilege is actually the security transparency model available in v2.0+ of the CLR (and which became the
Posted by shawnfa | 0 Comments

Avoiding Assembly Level Declarative Security

I've written in the past about the three assembly level declarative security actions: RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can,
Posted by shawnfa | 0 Comments

CLR Inside Out: Digging into IDisposable

My third MSDN magazine article, Digging into IDisposable, appeared in this month's issue in the CLR Inside Out Column. It's a bit of a departure from my usual security fare; this time looking at how to best handle writing class libraries that must manage
Posted by shawnfa | 0 Comments

Silverlight Security Cheat Sheet

Over the last week we took a look at the new Silverlight security model. When you're writing a Silverlight application though, there's a lot of information there that you may not want to wade through to get yourself unblocked. Here's a quick cheat sheet
Posted by shawnfa | 3 Comments

Silverlight Security III: Inheritance

Over the last few days we've looked at the basics of the CoreCLR security model in Silverlight, and how to tell which platform APIs are available for applications to call. Let's wrap up this mini-series on CoreCLR security by looking at how the CoreCLR
Posted by shawnfa | 2 Comments