Effective C# Item 47: Prefer Safe Code


Item 47: Prefer Safe Code

The .NET runtime is designed so that malicious code cannot infiltrate a remote computer and execute there. Yet some distributed systems rely on downloading and executing code from remote machines. If you might deliver your software over the Internet or an intranet, or run it directly from the web, you need to understand the restrictions the CLR places on your assemblies. If the CLR does not fully trust an assembly, it limits what that assembly may do. This mechanism is called code access security (CAS). Separately, the CLR enforces role-based security, under which code may or may not run depending on the privileges of a particular user account.

Security violations are runtime conditions; the compiler cannot enforce them. Moreover, they do not show up on your development machine, because the code you compile is loaded from your own hard drive and therefore has a higher level of trust. A full discussion of the .NET security model could fill several books, but a small set of reasonable practices will help your assemblies work with the .NET security model. These recommendations apply only when you create component libraries, or components and assemblies that are delivered over the network.

Throughout this discussion, remember that .NET is a managed environment, and that the environment guarantees a certain level of safety. Security policy is managed through the .NET configuration policy set at installation. Most of the .NET Framework library is granted full trust by that policy when it is installed. The library is verifiably safe: the CLR can examine the IL and confirm that it performs no potentially dangerous actions, such as accessing raw memory directly. It does not assert any special security rights in order to access local resources. Try to follow the same example. If your code does not need any particular security rights, avoid calling the CAS APIs to check your access rights; all that does is reduce performance.

You need the CAS APIs to access a small set of protected resources that require additional privileges. The most common protected resources are unmanaged memory and the file system. Others include databases, network ports, the Windows registry, and the printing subsystem. In each case, an attempt to access the resource throws an exception if the calling code does not have sufficient permission. In addition, accessing these resources may cause the runtime to perform a security stack walk to confirm that every assembly on the current call stack has the proper permissions. Let's look at memory and the file system and discuss the most practical points for a secure and safe program.

Whenever possible, create verifiably safe assemblies so that you avoid unmanaged memory access. A safe assembly is one that does not use any pointers to access either the managed or the unmanaged heap. Whether you realize it or not, almost all the C# code you write is safe. Unless you turn on the /unsafe option of the C# compiler, all the code you create is verifiably safe. (Even with the switch enabled, the code is not necessarily compiled as unsafe code; that depends on how the code is written.) /unsafe allows you to use pointers, which the CLR cannot verify.

There are few reasons to use unsafe code, especially in routine tasks. Pointers to raw memory are faster than checked safe references; for some typical arrays they can be up to 10 times faster. However, when you use unsafe constructs, understand that unsafe code anywhere in an assembly affects the entire assembly. When you create unsafe blocks, consider isolating those algorithms in their own assembly (see Item 32). This limits the effect that unsafe code has on the whole program. If it is isolated, only the callers that actually use it are affected, and the rest of the functionality can still be used in more restrictive environments. You may also need unsafe code to work with P/Invoke or COM interfaces that require raw pointers. The same recommendation applies: isolate it. Unsafe code should affect only its own small assembly and nothing else.

The recommendation for memory access is simple: avoid accessing unmanaged memory whenever possible.
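The isolation advice above, as an added example that is not from the original text: a pointer-based routine kept in its own small assembly, compiled with /unsafe, whose public surface exposes only managed types. The class and method names are hypothetical.

```csharp
// Added example. Build this file alone as its own assembly, for instance:
//   csc /unsafe /target:library FastSum.cs
// FastSum, SumSafe and SumUnsafe are hypothetical names.
using System;

public static class FastSum
{
    // Verifiable version: every element access is bounds-checked by the CLR.
    public static long SumSafe(int[] values)
    {
        if (values == null) throw new ArgumentNullException(nameof(values));
        long total = 0;
        for (int i = 0; i < values.Length; i++)
            total += values[i];
        return total;
    }

    // Unsafe version: the CLR does not verify the pointer, so the method
    // validates its input itself and never lets the pointer leave the method.
    public static unsafe long SumUnsafe(int[] values)
    {
        if (values == null) throw new ArgumentNullException(nameof(values));
        if (values.Length == 0) return 0;   // fixed on an empty array yields null

        long total = 0;
        fixed (int* start = values)         // pin the array so the GC cannot move it
        {
            int* p = start;
            int* end = start + values.Length;   // one past the last element
            while (p < end)
                total += *p++;
        }
        return total;
    }
}
```

Callers pass and receive only managed types, so the rest of the application compiles without /unsafe and only this assembly needs the extra trust.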

The next most common security concern is the file system. Programs need to store data. Code downloaded from the Internet cannot access most of the file system; if it could, that would be a huge security hole. Yet it is hard to create usable programs that have no access to the file system at all. Isolated storage solves this problem. Isolated storage can be thought of as a virtual directory that is isolated based on the assembly, the application domain, and the current user. Optionally, you can use a more general isolated storage virtual directory that is based on the assembly and the current user.

Partially trusted assemblies can access their own specific isolated storage area, but nowhere else on the file system. The isolated storage directory is hidden from other assemblies and other users. You access isolated storage through the classes in the System.IO.IsolatedStorage namespace. The IsolatedStorageFile class has methods very similar to those of the System.IO.File class, and the IsolatedStorageFileStream class is in fact derived from the System.IO.FileStream class. Code that writes to isolated storage is almost the same as code that writes to any file:

using System.IO;
using System.IO.IsolatedStorage;

// Open the store scoped to the current user, application domain and assembly.
IsolatedStorageFile iso =
    IsolatedStorageFile.GetUserStoreForDomain();

IsolatedStorageFileStream myStream = new
    IsolatedStorageFileStream("savedstuff.txt",
    FileMode.Create, iso);
StreamWriter wr = new StreamWriter(myStream);
// Several wr.Write statements elided
wr.Close();

Read operations are similar to other file I/O operations:

using System.IO;
using System.IO.IsolatedStorage;

IsolatedStorageFile isoStore =
    IsolatedStorageFile.GetUserStoreForDomain();

// Only open the file if it exists in this store.
string[] files = isoStore.GetFileNames("savedstuff.txt");
if (files.Length > 0)
{
    StreamReader reader = new StreamReader(new
        IsolatedStorageFileStream("savedstuff.txt",
        FileMode.Open, isoStore));

    // Several reader.ReadLine() calls elided.

    reader.Close();
}

You can use isolated storage to persist reasonably sized data elements, so that partially trusted code can save and load information from a carefully partitioned location on the local disk. The .NET environment defines and limits the size of isolated storage for each program. This prevents malicious code from consuming disk space and making the system unusable. Isolated storage is hidden from other programs and other users, which means it should not be used for deployment or configuration settings that an administrator may need to edit by hand. Even though it is hidden, isolated storage is not protected from unmanaged code or from trusted users. Do not use isolated storage for highly confidential content unless your program adds encryption.
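The quota and encryption points above, as an added example that is not from the original text: the value is encrypted with DPAPI before it is written to isolated storage, and the remaining quota is checked first. It assumes Windows, .NET Framework 4 or later, and an assembly that is permitted to call ProtectedData; SecretStore, "token.bin" and the entropy string are hypothetical.

```csharp
// Added example. SecretStore, "token.bin" and the entropy value are constructed
// for illustration. Assumes Windows and permission to call DPAPI.
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

public static class SecretStore
{
    private const string FileName = "token.bin";
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("SecretStore-example-v1");

    public static void Save(string secret)
    {
        // Encrypt first: isolated storage is hidden, not protected.
        byte[] cipher = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), Entropy, DataProtectionScope.CurrentUser);

        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForDomain())
        {
            // The runtime enforces a per-store quota. Fail early with a clear
            // message; the write itself would also throw IsolatedStorageException.
            if (cipher.Length > store.AvailableFreeSpace)
                throw new IsolatedStorageException("Isolated storage quota would be exceeded.");

            using (var stream = new IsolatedStorageFileStream(FileName, FileMode.Create, store))
                stream.Write(cipher, 0, cipher.Length);
        }
    }

    // Returns null when nothing has been saved for this user and assembly.
    public static string Load()
    {
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForDomain())
        {
            if (!store.FileExists(FileName))
                return null;

            using (var stream = new IsolatedStorageFileStream(FileName, FileMode.Open, store))
            using (var buffer = new MemoryStream())
            {
                stream.CopyTo(buffer);
                byte[] plain = ProtectedData.Unprotect(
                    buffer.ToArray(), Entropy, DataProtectionScope.CurrentUser);
                return Encoding.UTF8.GetString(plain);
            }
        }
    }
}
```

DataProtectionScope.CurrentUser ties the ciphertext to the logged-on user's profile, so another user or machine that copies the file cannot decrypt it; code running as the same user still can.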

To create an assembly that can live within the security restrictions that may apply to the file system, isolate the creation of your storage streams. When your assembly may run from the web, or may be accessed by code running from the web, consider using isolated storage.

You may need to use other protected resources as well. In general, needing access to those resources means that your program must be fully trusted. The only alternative is to avoid the protected resource entirely. Take the Windows registry: if your program needs to access the registry, you must install the program on the end user's machine so that it has the necessary permissions. Simply put, a program that runs from the web cannot modify the registry. That is how the security policy should work.

The .NET security model means that your program's actions are checked against its rights. Pay attention to the rights your program needs, and try to minimize them. Do not request rights that you do not use. The fewer protected resources your assembly needs, the less likely it is to throw security exceptions. Avoid using protected resources, and consider alternatives whenever possible. When an algorithm does need higher security permissions, isolate that code in its own assembly.
============================

Item 50: Learn About The ECMA Standard
The ECMA standard is the official word on how every feature in the C# language behaves. ECMA-334 defines the 1.0 standard for the C# language. You can learn about the C# 2.0 proposals from the book The C# Programming Language, by Anders Hejlsberg, Scott Wiltamuth, and Peter Golde (Addison-Wesley, 2003). This book is a language reference, not a tutorial. It explains in very pedantic detail exactly how each feature of the language works. Each language feature is annotated so that you can better understand the justification of each language feature. While I was working on this book, I constantly had this reference open on my desk.

If you are a serious C# programmer, you should understand the language, including the rationale behind different features. It will make your job easier if you know when to apply each feature in your own work. You will have a better understanding of any subtle differences in different language expressions.

In addition to the C# language, you should understand the Common Language Runtime (CLR) thoroughly. The CLR and Common Language Infrastructure (CLI) standards are defined in ECMA-335, the CLR standard. As with C#, this is version 1.0 of the standard. The Common Language Infrastructure Annotated Standard, by James Miller and Susann Ragsdale (Addison-Wesley, 2003), explains the CLI version 2.0. This reference includes the Common Language Subsystem (CLS), which will help you understand the rules behind CLS compliance. This also helps you understand the ECMA standard for the .NET runtime and infrastructure.

Both the C# and CLR committees continue to publish working statements on the discussion and progress of the 2.0 version of the C# language and the CLR. The discussions are a valuable way to understand how C# will grow and change over time.

In addition, a deeper understanding of the current standard and the proposed enhancements will help you create code that stands the test of time. By understanding the features that will be added to the language and the environment, you are in a better position to create software that lasts longer into the future. You can anticipate the future modifications that might be necessary.

Software changes over time. C# will grow and change, probably for some time and for several revisions after 2.0. This is a tool that you use every day, for most of your day. Learn the official definitions, and stay on top of them.
 
