for RuBoard |
By Sebastian Lange and Matthew Lyons
IN THIS CHAPTER
Default Security Policy and Mobile Code
Limitations on Calling Strong Named Components
Running Mobile Code in Internet Explorer
Securely running mobile code is one of the most difficult problems on the Internet. As discussed in Chapter 1, "Common Security Problems on the Internet," mobile code comes in many different forms, including executables, source code, scripts, Java applets, and ActiveX controls. Generally, you can think of mobile code as any data sent to computers and run in some automated fashion. A very common way this happens is your Web browser. Many Web pages have some kind of embedded, mobile code these days to perform tasks like data validation when filling in a form. In addition to Web browsers, there are applications like virus scanners that automatically pull down updates from the Internet.
The .NET Framework provides the potential for rich mobile code scenarios on client machines. To properly administer clients that use the .NET Framework for mobile code scenarios, you need to understand how default security policy and strong named components affect those scenarios. In addition, you should know how mobile code is dealt with in Internet Explorer, because the .NET Framework provided code to tightly integrate assemblies with Internet Explorer.
If you haven't read Chapter 18, "Administering Security Policy Using the .NET Framework Configuration Tool," and Chapter 19, "Administering .NET Framework Security Policy Using Scripts and Security APIs," yet, you should do so before actually trying to administer .NET Framework clients. This chapter will discuss security policy changes that you might consider, but it won't discuss how to actually perform those changes.
for RuBoard |