Before You Begin


Before you begin to use code access security policy to constrain an assembly, you should be aware of the following:

  • To constrain a Web application so that it is only able to access files within its own virtual directory hierarchy, you can configure the application to run with medium trust by placing the following in Web.config:

     <system.web>
       <trust level="Medium" />
     </system.web>

    This uses ASP.NET code access security policy to constrain the ability of the Web application to perform file I/O and it also imposes other constraints. For example, a medium trust application cannot directly access the event log, registry, or OLE DB data sources.

  • ASP.NET code access security policy is configured independently from enterprise-level, machine-level, and user-level code access security policy. The .NET Framework version 1.1 Configuration tool only supports enterprise-level, machine-level, and user-level policy.

    You must maintain ASP.NET policy by using a text or XML editor. For more information about running Web applications using medium trust, see Chapter 9, "Using Code Access Security with ASP.NET."

  • When you build an assembly, you can impose constraints programmatically using code access security. For more information about how to do this, see Chapter 8, "Code Access Security in Practice."

  • You should generally avoid building Web applications that accept file names and paths from the user because of the security risks posed by canonicalization issues. On occasion, you might need to accept a file name as input. This How To shows you how you can constrain an assembly to ensure that it cannot access arbitrary parts of the file system. For more information about performing file I/O, see the "File I/O" sections in Chapter 7, "Building Secure Assemblies" and Chapter 8, "Using Code Access Security in Practice," of Improving Web Application Security.

  • For more information about code access security fundamentals, see Chapter 8, "Code Access Security in Practice," of Improving Web Application Security.
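
The following C# sketch is an added example, not code from the guide: it combines the programmatic constraint and the canonicalization concern from the list above by canonicalizing a user-supplied file name and then restricting file I/O to one directory with FileIOPermission.PermitOnly. It assumes the .NET Framework, where code access security is enforced; the class ConstrainedFileReader and its members are hypothetical names.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (not from the guide): reads files only beneath one root directory.
public sealed class ConstrainedFileReader
{
    private readonly string root; // canonical root, always ends with a separator

    public ConstrainedFileReader(string rootDirectory)
    {
        string full = Path.GetFullPath(rootDirectory);
        if (!full.EndsWith(Path.DirectorySeparatorChar.ToString()))
            full += Path.DirectorySeparatorChar;
        root = full;
    }

    // Canonicalize first, then compare: "..", "." and mixed separators are collapsed
    // by GetFullPath, and a rooted input replaces the root in Path.Combine.
    public string Resolve(string userSuppliedName)
    {
        if (userSuppliedName == null || userSuppliedName.Length == 0)
            throw new ArgumentException("A file name is required.");
        string candidate = Path.GetFullPath(Path.Combine(root, userSuppliedName));
        // Case-insensitive prefix check; the trailing separator on root stops
        // "C:\data-old\x" from matching a root of "C:\data".
        if (String.Compare(candidate, 0, root, 0, root.Length, true,
                           CultureInfo.InvariantCulture) != 0)
            throw new SecurityException("Path resolves outside the permitted directory.");
        return candidate;
    }

    public string ReadAllText(string userSuppliedName)
    {
        string path = Resolve(userSuppliedName);
        // Defense in depth: any file I/O demand from this frame downward fails
        // unless it targets the root, even if the string check above is bypassed.
        new FileIOPermission(FileIOPermissionAccess.Read, root).PermitOnly();
        try
        {
            using (StreamReader reader = new StreamReader(path))
                return reader.ReadToEnd();
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }
}
```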




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
