Programming for Security

Page 133

FIGURE 5.6 Use this Security Adjustment Wizard for specific, emergency shutdowns.

Click Next and choose Local Intranet. Move the slider to No Trust. Now let's see Nicky use his computer to make more mischief. Of course, if you find him using other people's computers, you'll want to adjust his user policies—and you might just want to get into Windows role-based settings and tie his hands there as well.

Before concluding this chapter with some suggestions that programmers can use to improve the security of the applications they write, the following is one final caution for administrators:

Avoid, of course, opening up anyone's quivering, vulnerable hard drive to TotalTrust levels in the Internet zone (or indeed other zones). You don't want to invite trouble, and Full Trust is just asking for it because no .NET Framework security tests will be conducted against executing code from the Internet. Operating system settings will remain in effect, but if any of them permit trust beyond what you'd allow for trusted local execution—beware. Full Trust is a broad and dangerous permission. If you're tempted to use this setting, consider instead modifying the permissions individually using the Trust Assembly Wizard. With that tool you can more rationally fine-tune permissions. Don't simply blow open all doors by using Full Trust.

Programming for Security

Programmers don't ordinarily consider themselves on the front line of security. They usually assume that if they provide relatively bug-free code, they are doing their job. Programmers make the tools, and it's up to security enforcers (normally IT administrators in offices throughout the land) to ensure that those tools are used for their intended purposes.

However, .NET offers you, the programmers, the opportunity to take steps to create safer code. You've already seen some ways to write code that contains some security elements earlier in this chapter, and ways to employ CAS to increase the safety of your programs. Let's conclude this chapter with an overview of techniques available to programmers working with .NET security facilities.

If your .NET application doesn't get called by other code (''consumed," as they say), you can probably relax and not worry about the security issues. After all, .NET itself automatically demands permissions for many kinds of sensitive behaviors, and performs a code-access stack walk to throw exceptions as necessary. You can rest on CAS for many Windows-based applications.