I posted on some security options for eventing when you are using custom storage. While I stopped short of full examining the potential of the various systems, I also stopped short on pointing out some additional security concerns. Here is the previous posting: Some security considerations for systems...

For just a moment, relax your guard and don't think about the common usages of eventing that occur every day. The quick answer to solving any security concerns is to do a code review, run your application in a debugger to find offending code, and claim that since you own all of the source you don't need...

Reading Joel's blog and having lunch with him are two different things. You never really see all of the possibilities of a technology until you see the twinkle in someone's eye and realize that the technology might be slightly more powerful than you originally realized. Today I want to cover function...

I figured I'd start with the obvious. You can never control a machine 100%, so there is always the opportunity that whatever systems of protection you have in place, they can be overcome. This same principle applies to security and cheating systems as well. Things start to become mutable in .NET under...

Brad Abrams posts an article on Mutable reference types should not be read-only fields . You really have to think about what this means. In the example he creates a new type, say F, that has some internal data. On another type, he creates a read-only field of type F. He then demonstrates, how you can...

Doing a PermitOnly when using File Permissions seems to be the way to lock down file access in the .NET environment. It ensures that the API you are calling can only access the specified file path and often times this can be important unless you trust the library you are calling (I try not to trust any...

I'm banging my head against a wall right now trying to extend the CAS system with my own permissions. I've figured on doing this in three steps. First, by figuring out what needs to go into a new permission. This wasn't hard at all, and consisted of creating a new attribute for declarative security and...

Well, the pre-amble or goals document isn't done, but I should get it completely done this weekend some time. What I'm looking for now is initial impressions about the project based on the TOC and the first section. I really want this series to end with a solid plug-in framework that you can use from...

Okay, so I'm working through the plug-in interface and testing all the various possibilities for when static constructors are going to be run. I wind up finding some of the answers to my questions posted in another blog entry http://weblogs.asp.net/justin_rogers/archive/2004/02/01/65912.aspx but now...

This is definitely weird. I could have sworn the binary formatter in V1.0 would throw an error whenever the stream was invalid (can happen if the transport protocol burps or a file gets messed up on your disk), but with V1.1 installed, all the formatter does is hang. Without going in to what I was testing...