
Security of .NET Framework applications

Article written by Vincent Gaglio
Page 1 of 3

When you log on to a computer as an administrator, you can perform any operation. Consequently, when you run an unmanaged application on a Windows operating system, it receives all the privileges of the user who executes it. If that user is an administrator and you accidentally run a malicious file, there are no barriers that can block its actions.

To avoid this scenario, you should log on to the computer as a user who has only minimal privileges. A very important concept in this context is Code Access Security (CAS), a mechanism that lets you control the permissions that each application has.

CAS is a security system that allows administrators and developers to control the permissions of applications in a way very similar to the permissions on user accounts. Through this system you can, for example, grant an application read and write privileges on the registry. It is possible to control the permissions on most system resources, including:

  • File System
  • Registry
  • Printers
  • Event Log

Unfortunately, CAS can only be applied to applications based on the .NET Framework. Other applications cannot be managed by CAS and run without any CAS restrictions, limited only by the privileges of the user.

Any security system needs a way to identify users and determine what a user can and cannot do, and CAS is no exception. However, since this security system identifies and assigns permissions to applications rather than users, it cannot be based on user names and passwords. It relies instead on so-called evidence.

Evidence is the information that the .NET Framework runtime provides about an assembly. Examples of such information are the folder or web site from which a given assembly is run, or its digital signatures. There are two types of evidence: host evidence and assembly evidence. The first describes the assembly's identity data (e.g. its address or the directory it belongs to); the second provides data such as the hash code or the encrypted information on the name.

A permission defines a specific access control. For example, the File Dialog permission determines whether an assembly can present the user with the Open dialog box, the Save dialog box, both, or neither. The .NET Framework includes several default permissions, and it is also possible to define custom permissions. Among the defaults are:

  • Environment Variables - Provides access to environment variables (such as Path, Username, NUMBER_OF_PROCESSORS). It is possible to grant access to all environment variables or to specify only a few
  • Directory Services - Grants the right to access and manage Active Directory
  • Event Log - Provides access to the event log
  • File IO - Restricts access to files and folders. You can specify a list of locations that an assembly can access, granting read, write and other privileges
  • Printing - Restricts printing privileges
  • Reflection - Controls whether or not an assembly can access information about other assemblies
  • Registry - Restricts access to registry keys
  • SQL Client - Controls whether or not an assembly can access SQL Server
  • User Interface - Determines whether an assembly can create new windows or not
  • Web Access - Determines whether an assembly can access websites and, if so, which sites
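
The permissions listed above can be combined into a grant set and applied to a sandboxed application domain, so that the same code is allowed one operation and refused the others. The following C# program is an added example, not code from the original article; it assumes the .NET Framework 4 or later on Windows (not .NET Core or later), and the `Probe` class, the `cas-demo` folder and `data.txt` are hypothetical names constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using Microsoft.Win32;

// Hypothetical probe that runs inside the sandbox with only the granted permissions.
public class Probe : MarshalByRefObject
{
    public string Try(string what, string path)
    {
        try
        {
            if (what == "read") File.ReadAllText(path);                  // File IO, read
            else if (what == "write") File.WriteAllText(path, "x");      // File IO, write
            else if (what == "registry") Registry.CurrentUser.OpenSubKey("Software");
            else Environment.GetEnvironmentVariable("USERNAME");         // Environment Variables
            return what + ": allowed";
        }
        // The runtime's permission demand failed against the sandbox grant set.
        catch (SecurityException) { return what + ": blocked by CAS"; }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data in a temporary folder.
        string dir = Path.Combine(Path.GetTempPath(), "cas-demo");
        Directory.CreateDirectory(dir);
        string file = Path.Combine(dir, "data.txt");
        File.WriteAllText(file, "sample");
        // Grant set: permission to execute, plus read-only File IO on one folder.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, dir));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grant);
        try
        {
            // Load this assembly into the sandbox, where it runs partially trusted.
            var probe = (Probe)sandbox.CreateInstanceFromAndUnwrap(
                typeof(Probe).Assembly.Location, typeof(Probe).FullName);
            foreach (string what in new[] { "read", "write", "registry", "env" })
                Console.WriteLine(probe.Try(what, file));
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```

The user account running the program is the same for every call; only the grant set of the application domain differs from an unrestricted run, which is the distinction between user privileges and code permissions that the article draws.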
