Delegates


There is no way of knowing in advance what a delegate method is going to do when you invoke it. If your assembly supports partial trust callers, you need to take extra precautions when you invoke a delegate. You can use code access security to further improve security.

  • Consider restricting permissions for the delegate.

  • Do not assert a permission before calling a delegate.

Consider Restricting Permissions for the Delegate

The permissions granted to the code that calls the delegate determine the capabilities of the delegate. If your code has more permissions than the code that gives you the delegate, this provides a way for the caller to execute code using elevated permissions. To address this issue, you can either authorize the external code at the point it passes you the delegate with an appropriate permission demand, or you can restrict the permissions of the delegate just prior to calling it by using a deny or permit only stack modifier. For example, the following code grants the delegate only code execution permission to constrain its capabilities.

    using System.Security;
    using System.Security.Permissions;

    // Delegate definition
    public delegate void SomeDelegate();
    . . .

    // Permit only execution, prior to calling the delegate. This prevents the
    // delegate code accessing resources or performing other privileged
    // operations
    new SecurityPermission(SecurityPermissionFlag.Execution).PermitOnly();
    // Now call the "constrained" delegate. callback is a placeholder name
    // for the SomeDelegate instance that the caller supplied.
    callback();
    // Revert the permit only stack modifier
    CodeAccessPermission.RevertPermitOnly();
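The two options described above, side by side, as an added example that is not code from the book. It assumes the .NET Framework, where code access security is enforced; the names DelegateHost, Accept and InvokeConstrained, and the choice of EnvironmentPermission, are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

public delegate void SomeDelegate();

public static class DelegateHost
{
    // Option 1: the code handing over the delegate is on the call stack
    // here, so a demand authorizes it before the delegate is accepted.
    // The permission demanded (environment access) is an assumption.
    public static SomeDelegate Accept(SomeDelegate callback)
    {
        new EnvironmentPermission(PermissionState.Unrestricted).Demand();
        return callback;
    }

    // Option 2: constrain the delegate for the duration of the call.
    // Returns false if the delegate attempted a privileged operation.
    public static bool InvokeConstrained(SomeDelegate callback)
    {
        new SecurityPermission(SecurityPermissionFlag.Execution).PermitOnly();
        try
        {
            callback();
            return true;
        }
        catch (SecurityException)
        {
            // A demand made inside the delegate reached the PermitOnly frame.
            return false;
        }
        finally
        {
            // Revert in the same frame that applied the modifier, on every path.
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    public static void Main()
    {
        SomeDelegate harmless = Accept(delegate { });
        SomeDelegate greedy = Accept(delegate { Environment.GetEnvironmentVariable("PATH"); });

        Console.WriteLine(InvokeConstrained(harmless)); // makes no permission demand
        Console.WriteLine(InvokeConstrained(greedy));   // triggers an EnvironmentPermission demand
    }
}
```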

Do Not Assert a Permission Before Calling a Delegate

Asserting a permission before calling a delegate is dangerous because you have no knowledge about the nature or trust level of the code that will be executed when you invoke the delegate. The code that passes you the delegate is on the call stack and can therefore be checked with an appropriate security demand. However, there is no way of knowing the trust level or permissions granted to the delegate code itself.

For more guidelines about using delegates securely, see the "Delegates" section in Chapter 7, "Building Secure Assemblies."




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
