Code-Access Security and Deployment

Previous page
Table of content
Next page


The level of protection provided by the .NET code-access security system is largely determined by the deployment technique you choose. Ideally, you should choose a deployment technique that offers the highest level of protection by the .NET code-access security system for your code without causing your application to throw a security exception.

Deploy and Run Your Application in the .NET Security Sandbox

Deployment techniques that offer code-access security protection are said to run in the sandbox. The term sandbox, when applied to computer software, refers to an isolated environment in which an application can run and not harm other applications, the operating system, or data (or other resources) stored on the computer. The .NET code-access security sandbox is the restrictive environment where .NET applications identified as running in (or called from) any zone other than the My Computer zone run. If your application is deployed on the Internet or on an intranet, you want your application to be identified as coming from that particular zone and run in the .NET code-access security sandbox. Any .NET application installed and run in the My Computer zone (where all permissions are granted) is considered to be running outside of the .NET code-access security sandbox. Table 10-2 shows which deployment techniques use the sandbox.

Table 10-2: Deployment Techniques and Use of the Sandbox

Deployment Technique

Run in the Sandbox?

XCopy

No. The .NET application is copied to the destination computer and runs in the My Computer security zone. The application runs with full trust.

No touch and .CAB file

Yes. The .NET application is granted code-access security permissions based on the zone from which the application is installed. If the application is made available on the Internet, the application will run in the Internet zone with low trust (or no trust, depending on the version of the .NET framework installed). (See Chapter 3 for more information.)

Windows Installer (.MSI)

No. The .NET application is installed on the destination computer and runs in the My Computer security zone. The application is granted full trust by the .NET code- access security system. This is true even if the .MSI file is provided on an Internet Web page. The .NET code- access security system is not aware that the application, when run on the local computer, originated from an .MSI installation package on the Internet.

If you find that the code-access security permissions granted to your deployed application are too restrictive, you should consider creating and deploying a Windows Installer package that grants your application the .NET code-access security permissions it needs. For example, if your application requires registry access permissions (not permitted in the Internet zone), you can deploy a Windows Installer that grants your application the RegistryPermission. You are better off granting the application the additional permissions it needs (and expanding the sandbox a little bit) than changing to a deployment technique such as Windows Installer that provides no .NET code-access security protection. Later in this chapter, you’ll learn how to create a Windows Installer file for granting applications additional permissions.


Previous page
Table of content
Next page
Security for Microsoft Visual Basic .NET
Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
BUY ON AMAZON
MySQL Stored Procedure Programming
Project Management JumpStart
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
Lotus Notes and Domino 6 Development (2nd Edition)
WebLogic: The Definitive Guide
Comparing, Designing, and Deploying VPNs
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy