C#: Prefer Safe Code

Source: Internet
Author: User
The .NET runtime has been designed so that malicious code cannot infiltrate a remote computer and execute there. At the same time, some distributed systems depend on downloading and executing code from remote machines. If you might deliver your software over the Internet or an intranet, or run it directly from the web, you need to understand the restrictions that the CLR places on your assemblies. If the CLR does not fully trust an assembly, it limits what that assembly is allowed to do. This is called code access security (CAS). Separately, the CLR enforces role-based security, under which code may or may not run depending on the role of the account it runs under.

Security violations are runtime conditions; the compiler cannot enforce them. Moreover, they will not normally appear on your development machine: the code you compile is loaded from your own machine and therefore has a higher level of trust. Discussing every implication of the .NET security model would fill several books, but a small set of reasonable practices lets your assemblies work more easily with the .NET security model. These recommendations apply only when you create component libraries, or components and assemblies that are delivered over the network.

Throughout this discussion, remember that .NET is a managed environment. The environment guarantees a certain level of safety. You can use .NET configuration policy to manage security policy at installation time. Most of the .NET Framework library is trusted under the configuration policy set at installation. It is verifiably safe, meaning the CLR can examine the IL and ensure that it does not perform any potentially dangerous action, such as accessing raw memory directly. It does not assert any special security permissions when accessing local resources. You should try to follow the same example. If your code does not need any security permissions, avoid using the CAS APIs to determine your access rights; otherwise, all you do is reduce performance.

You need the CAS APIs to access a small set of protected resources that require additional privileges. The most common protected resources are unmanaged memory and the file system. Other protected resources include databases, network ports, the Windows registry, and the printing subsystem. In each case, an attempt to access the resource causes an exception if the calling code does not have sufficient permission. In addition, accessing these resources may cause the runtime to perform a security stack walk to ensure that every assembly on the current call stack has the proper permissions. Let's look at memory and the file system, and discuss the best practices for a secure and safe program.

You can avoid unmanaged memory access by creating verifiably safe assemblies whenever possible. A safe assembly is one that does not use any pointers to access either the managed or the unmanaged heap. Whether you knew it or not, almost all the C# code you write is safe. Unless you turn on the /unsafe option of the C# compiler, all the code you create is safe code. (Even with the switch enabled, the code is not necessarily compiled as unsafe code; that depends on how your code is written.) /unsafe allows you to use pointers, which the CLR cannot verify.

There are few reasons to use unsafe code, especially in routine work. Pointers to raw memory are faster than checked safe references; for some typical array operations they can be as much as 10 times faster. However, when you use unsafe constructs, understand that any unsafe code affects the entire assembly. When you create unsafe blocks, consider isolating the algorithm in its own assembly (see Principle 32). This limits the effect that unsafe code has on the program as a whole. If it is isolated, only callers that actually use it are affected, and the rest of your functionality can still be used in more restrictive environments. You may also need unsafe code to work with P/Invoke or COM interfaces that require raw pointers. The same recommendation applies: isolate it. Unsafe code should affect only its own small assembly and nothing else.

The recommendation for memory is simple: avoid access to unmanaged memory whenever possible.
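The isolation advice above, sketched as an added example (not code from the original article). The namespace and type names are hypothetical, and the file is assumed to be built as its own small class library with unsafe blocks enabled, so that the assemblies that call it can stay verifiably safe.

```csharp
// Added example: the only file compiled with /unsafe
// (<AllowUnsafeBlocks>true</AllowUnsafeBlocks> in the project file).
using System;

namespace UnsafeIsolated   // hypothetical assembly and namespace name
{
    public static class FastSum   // hypothetical type
    {
        // Safe public entry point: every argument is validated here,
        // before any pointer is formed.
        public static long Sum(int[] values, int offset, int count)
        {
            if (values == null)
                throw new ArgumentNullException(nameof(values));
            if (offset < 0 || count < 0 || offset > values.Length - count)
                throw new ArgumentOutOfRangeException(nameof(count));
            // An empty range may start at values.Length, which cannot be
            // indexed, so it never reaches the pointer code.
            return count == 0 ? 0 : SumCore(values, offset, count);
        }

        // The only unsafe member. It is private, so callers cannot hand it
        // a range that skipped the checks above.
        private static unsafe long SumCore(int[] values, int offset, int count)
        {
            long total = 0;
            fixed (int* start = &values[offset])   // pin the array while pointers exist
            {
                int* p = start;
                int* end = start + count;
                while (p < end)
                    total += *p++;
            }
            return total;
        }
    }
}
```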

The next most common security concern is the file system. Programs need to store data. Code downloaded from the Internet does not have access to most of the file system; otherwise, there would be a huge security hole. Yet it is difficult to create usable programs with no access to the file system at all. Isolated storage solves this problem. Isolated storage can be thought of as a virtual directory that is isolated based on the assembly, the application domain, and the current user. Optionally, you can use a more general isolated storage virtual directory that is based on the assembly and the current user.

Partially trusted assemblies can access their own specific isolated storage area, but nowhere else in the file system. The isolated storage directory is hidden from other assemblies and other users. You use isolated storage through the classes in the System.IO.IsolatedStorage namespace. The IsolatedStorageFile class offers methods much like those of the System.IO.File class, and the stream class used with it, IsolatedStorageFileStream, is derived from the System.IO.FileStream class. Code that writes to isolated storage is almost the same as code that writes to any file:

    using System.IO;
    using System.IO.IsolatedStorage;

    // Open the store scoped to the current user, application domain and assembly.
    IsolatedStorageFile iso =
        IsolatedStorageFile.GetUserStoreForDomain();

    IsolatedStorageFileStream myStream = new
        IsolatedStorageFileStream("savedstuff.txt",
        FileMode.Create, iso);
    StreamWriter wr = new StreamWriter(myStream);
    // Several wr.Write statements elided
    wr.Close();

Read operations are similar to other file I/O operations:

    // Uses the same using directives as the write example.
    IsolatedStorageFile isoStore =
        IsolatedStorageFile.GetUserStoreForDomain();

    // Check that the file exists in the store before opening it.
    string[] files = isoStore.GetFileNames("savedstuff.txt");
    if (files.Length > 0)
    {
        StreamReader reader = new StreamReader(new
            IsolatedStorageFileStream("savedstuff.txt",
            FileMode.Open, isoStore));

        // Several reader.ReadLine() calls elided.

        reader.Close();
    }

You can use isolated storage to persist reasonably sized data elements. It lets partially trusted code save and load information in a carefully partitioned location on the local disk. The .NET environment defines limits on the size of isolated storage for each program. This prevents malicious code from consuming disk space and making the system unusable. Isolated storage is hidden from other programs and other users. For that reason, it should not be used for deployment or configuration settings that an administrator might need to edit by hand. Even though it is hidden, isolated storage is not protected from unmanaged code or from trusted users. Do not use isolated storage for highly confidential content unless your program encrypts it.

To create an assembly that can work within the security restrictions that may apply to the file system, isolate the creation of its storage streams. When your assembly might run from the web, or might be accessed by code running from the web, consider using isolated storage.
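The size limit and the hidden-but-unencrypted behaviour described above, handled in code. This is an added example, not code from the original article; the SettingsStore class and its method names are hypothetical, and the file name is the one used in the snippets above.

```csharp
// Added example: save and load through isolated storage, treating an
// exhausted quota or an unavailable store as an ordinary failure.
using System.IO;
using System.IO.IsolatedStorage;
using System.Text;

public static class SettingsStore   // hypothetical type
{
    private const string FileName = "savedstuff.txt";

    // Returns false instead of throwing when the data does not fit in the
    // store or the store cannot be used by this caller.
    // The bytes are written as plain text: nothing secret belongs here.
    public static bool TrySave(string text)
    {
        byte[] data = Encoding.UTF8.GetBytes(text);
        try
        {
            using (IsolatedStorageFile iso = IsolatedStorageFile.GetUserStoreForDomain())
            {
                // Conservative check: ignores space freed by overwriting
                // an existing copy of the file.
                if (data.Length > iso.AvailableFreeSpace)
                    return false;
                using (var stream = new IsolatedStorageFileStream(FileName, FileMode.Create, iso))
                    stream.Write(data, 0, data.Length);
                return true;
            }
        }
        catch (IsolatedStorageException)
        {
            return false;
        }
    }

    // Returns null when nothing has been saved yet.
    public static string TryLoad()
    {
        using (IsolatedStorageFile iso = IsolatedStorageFile.GetUserStoreForDomain())
        {
            if (!iso.FileExists(FileName))
                return null;
            using (var stream = new IsolatedStorageFileStream(FileName, FileMode.Open, FileAccess.Read, iso))
            using (var reader = new StreamReader(stream, Encoding.UTF8))
                return reader.ReadToEnd();
        }
    }
}
```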

You may need other protected resources as well. In general, access to those resources means that your program must be fully trusted. The only alternative is to avoid the protected resource entirely. Consider the Windows registry, for example. If your program needs to access the registry, you must install it on the end user's machine so that it has the permissions needed to access the registry. Put simply, you cannot modify the registry from a program that runs from the web. That is how the security policy should work.

The .NET security model means that your program's actions are checked against its rights. Pay attention to the rights your program needs, and try to minimize them. Do not request rights that you do not use. The fewer protected resources your assemblies need, the less likely they are to throw security exceptions. Avoid using protected resources, and consider alternatives whenever possible. When an algorithm does need higher security permissions, isolate that code in its own assembly.
