J
John Smith
I don't think I have understood the concept of Code Access Security in
Dotnet fully.
1) I simply can't appreciate the method - *Permission.Assert that asserts
the 'right' and bypasses the security policy !! Wouldn't this make the
security policy redundant? (as any untrusted code can simply assert the
right and continue!!)
2) I have tried to change the Permission Set for All_Code code group to use
'Everything' but my code (which is a very basic dotnet windows application)
doesn't run. I have to revert to 'Full Trust'. I would imagine 'Full Trust'
to be same as granting unrestricted access to all protectable resources
(which is basically 'Everything') but it doesn't seem so.
3) Also I have found that any changes made to Enterprise or Machine level
policies don't take effect, I have to always change the User Level one. But
the documentation says the final Permission Set is an 'Intersection' of all
three levels !!
I am sure I am missing something... anybody shed some light on the issues ?
Dotnet fully.
1) I simply can't appreciate the method - *Permission.Assert that asserts
the 'right' and bypasses the security policy !! Wouldn't this make the
security policy redundant? (as any untrusted code can simply assert the
right and continue!!)
2) I have tried to change the Permission Set for All_Code code group to use
'Everything' but my code (which is a very basic dotnet windows application)
doesn't run. I have to revert to 'Full Trust'. I would imagine 'Full Trust'
to be same as granting unrestricted access to all protectable resources
(which is basically 'Everything') but it doesn't seem so.
3) Also I have found that any changes made to Enterprise or Machine level
policies don't take effect, I have to always change the User Level one. But
the documentation says the final Permission Set is an 'Intersection' of all
three levels !!
I am sure I am missing something... anybody shed some light on the issues ?