Browse by Tags

All Tags » CLR Internals » Security (RSS)
Wednesday, September 22, 2004 11:42 PM

Multi-cast delegates are potential trojan horses for protected eventing...

I posted on some security options for eventing when you are using custom storage. While I stopped short of full examining the potential of the various systems, I also stopped short on pointing out some additional security concerns. Here is the previous...
Posted by Justin Rogers | 2 comment(s)
Filed under: , ,
Wednesday, September 22, 2004 5:54 PM

Some security considerations for systems with events.

For just a moment, relax your guard and don't think about the common usages of eventing that occur every day. The quick answer to solving any security concerns is to do a code review, run your application in a debugger to find offending code, and claim...
Posted by Justin Rogers | 3 comment(s)
Filed under: , ,
Saturday, April 10, 2004 11:46 AM

Joel's Lightweight Code Gen spells SUWEET for small scripting languages in games.

Reading Joel's blog and having lunch with him are two different things. You never really see all of the possibilities of a technology until you see the twinkle in someone's eye and realize that the technology might be slightly more powerful than you originally...
Posted by Justin Rogers | 1 comment(s)
Filed under: , , , , ,
Thursday, April 08, 2004 10:24 PM

.NET Immutability Tip #1: Nothing is immutable.

I figured I'd start with the obvious. You can never control a machine 100%, so there is always the opportunity that whatever systems of protection you have in place, they can be overcome. This same principle applies to security and cheating systems as...
Posted by Justin Rogers | with no comments
Filed under: , , , ,
Thursday, April 08, 2004 6:45 PM

Brad Abrams talks about mutable read-only fields and I attempt to elaborate.

Brad Abrams posts an article on Mutable reference types should not be read-only fields . You really have to think about what this means. In the example he creates a new type, say F, that has some internal data. On another type, he creates a read-only...
Posted by Justin Rogers | 1 comment(s)
Filed under: , , , ,
Friday, February 13, 2004 4:02 PM

PermitOnly is excellent for security, but can be a bane to programming..., enter PermissionSet

Doing a PermitOnly when using File Permissions seems to be the way to lock down file access in the .NET environment. It ensures that the API you are calling can only access the specified file path and often times this can be important unless you trust...
Posted by Justin Rogers | with no comments
Filed under: , , ,
Monday, February 09, 2004 5:25 PM

Extending the security system with new permissions...

I'm banging my head against a wall right now trying to extend the CAS system with my own permissions. I've figured on doing this in three steps. First, by figuring out what needs to go into a new permission. This wasn't hard at all, and consisted of creating...
Posted by Justin Rogers | 2 comment(s)
Filed under: , ,
Friday, February 06, 2004 7:42 PM

Preamble to the Plug-In Framework series of articles...

Well, the pre-amble or goals document isn't done, but I should get it completely done this weekend some time. What I'm looking for now is initial impressions about the project based on the TOC and the first section. I really want this series to end with...
Posted by Justin Rogers | 1 comment(s)
Filed under: , ,
Monday, February 02, 2004 11:29 PM

Multi-Threaded applications and Abort, careful not to kill your statics...

Okay, so I'm working through the plug-in interface and testing all the various possibilities for when static constructors are going to be run. I wind up finding some of the answers to my questions posted in another blog entry http://weblogs.asp.net/justin_rogers...
Posted by Justin Rogers | 4 comment(s)
Filed under: , , ,
Monday, February 02, 2004 9:55 PM

BinaryFormatter can hang within modified stream?

This is definitely weird. I could have sworn the binary formatter in V1.0 would throw an error whenever the stream was invalid (can happen if the transport protocol burps or a file gets messed up on your disk), but with V1.1 installed, all the formatter...
Posted by Justin Rogers | 7 comment(s)
Filed under: ,
More Posts Next page »