Browse by Tags

All Tags » Security (RSS)
Tuesday, September 28, 2004 4:44 AM

Implementing AI wars where code is the primary asset. (focus on Terrarium)

The one thing I've taken away from the .NET Terrarium in terms of AI development is that players value their code over everything else. Protecting code from being viewed by other users is extremely difficult and hard to implement. After all, the focus...
Posted by Justin Rogers | 4 comment(s)
Filed under: , , , ,
Wednesday, September 22, 2004 11:42 PM

Multi-cast delegates are potential trojan horses for protected eventing...

I posted on some security options for eventing when you are using custom storage. While I stopped short of full examining the potential of the various systems, I also stopped short on pointing out some additional security concerns. Here is the previous...
Posted by Justin Rogers | 2 comment(s)
Filed under: , ,
Wednesday, September 22, 2004 5:54 PM

Some security considerations for systems with events.

For just a moment, relax your guard and don't think about the common usages of eventing that occur every day. The quick answer to solving any security concerns is to do a code review, run your application in a debugger to find offending code, and claim...
Posted by Justin Rogers | 6 comment(s)
Filed under: , ,
Monday, May 03, 2004 4:15 PM

.NET Immutability Tip #3: Protect your properties AND your methods.

A common immutability practice is to simply protect the property setter with an immutability flag. Take a simple class that has a single integer field for to back our property and a single boolean flag to mark it immutable. using System; public class...
Posted by Justin Rogers | 2 comment(s)
Filed under: , , ,
Saturday, April 10, 2004 10:48 PM

.NET Immutability Tip #2: Be careful of unprotected types in the executable.

I've seen this happen quite often. When developers create their immutable types, they assume the only view the user will ever have is of the type through some interface. Normally the interfaces are defined before-hand and included in some library that...
Posted by Justin Rogers | with no comments
Filed under: , , ,
Saturday, April 10, 2004 11:46 AM

Joel's Lightweight Code Gen spells SUWEET for small scripting languages in games.

Reading Joel's blog and having lunch with him are two different things. You never really see all of the possibilities of a technology until you see the twinkle in someone's eye and realize that the technology might be slightly more powerful than you originally...
Posted by Justin Rogers | 1 comment(s)
Filed under: , , , , ,
Thursday, April 08, 2004 10:46 PM

Rob Rylea on autocompilation of XAML containing code within IE

Today you can't compile xaml on the fly. No xaml on the fly? Well that really sucks. Of course the points Rob makes are all basic points that apply under any code running circumstance. He points out how HTML + script creates possible badness, and how...
Posted by Justin Rogers | 1 comment(s)
Filed under: , ,
Thursday, April 08, 2004 10:24 PM

.NET Immutability Tip #1: Nothing is immutable.

I figured I'd start with the obvious. You can never control a machine 100%, so there is always the opportunity that whatever systems of protection you have in place, they can be overcome. This same principle applies to security and cheating systems as...
Posted by Justin Rogers | with no comments
Filed under: , , , ,
Thursday, April 08, 2004 6:45 PM

Brad Abrams talks about mutable read-only fields and I attempt to elaborate.

Brad Abrams posts an article on Mutable reference types should not be read-only fields . You really have to think about what this means. In the example he creates a new type, say F, that has some internal data. On another type, he creates a read-only...
Posted by Justin Rogers | 3 comment(s)
Filed under: , , , ,
Friday, February 13, 2004 4:02 PM

PermitOnly is excellent for security, but can be a bane to programming..., enter PermissionSet

Doing a PermitOnly when using File Permissions seems to be the way to lock down file access in the .NET environment. It ensures that the API you are calling can only access the specified file path and often times this can be important unless you trust...
Posted by Justin Rogers | with no comments
Filed under: , , ,
More Posts Next page »