Women in Technology

Hear us Roar

  Understanding .NET Permissions: Where Did That Permission Come From?
Subject:   More insecurity
Date:   2003-02-18 16:57:28
From:   anonymous2
Until the average end-user has sufficient utility or tools to validate the permission settings of tons of .NET objects, this is just one more gigantic security hole awaiting to be deployed.

No thanks.

Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • More insecurity
    2003-02-19 06:16:50  ffmike [View]

    I don't think I quite understand what you're getting at. Certainly the tools for validating the permissions requested are there in the .NET Framework SDK, which anyone can download. But the notion of the "average end-user" checking security permissions strikes me as rather bizarre. For the average end-user, I think a better strategy is for the platform to set reasonable defaults. .NET certainly takes a shot at this by locking out code that's not running from a trusted drive on your own computer by default.

    Perhaps I'd understand better if you supplied a scenario where the .NET security system actually amounts to a security hole.