Defining Effective Declarative Security


Declarative security defines application security requirements as part of the declaration of main application elements such as a namespace, class, or method. It relies on attributes defined as part of an application element declaration, such as a method. The compiler normally processes these attributes during compile time, which means the declaration appears as part of the application manifest.

You’ve already seen several examples of declarative security throughout the book (and will see several more before the completion of the book). For example, the “Using the Permission View Tool” section of the chapter relies on declarative security. This example points out one of the reasons you should use declarative security in some cases. Declarative security creates entries in the assembly metadata that are easy to retrieve and use as a basis for setting assembly security. Someone who knows what an assembly requires in the way of security is less likely to make setup mistakes.

Declarative security is also good from a documentation standpoint. All of the security requirements for a particular element appear as part of the declaration. You don’t have to wade through the code to find the security statement that could cause coding problems down the road.

You can use declarative and imperative security interchangeably for many needs, but declarative security is more effective in some situations. Whenever you need to consider the documentation aspects of an application as a higher priority than ease of use or dynamic data manipulation, declarative security is the tool of choice.




.Net Development Security Solutions
.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net