G
Guest
Hi all, I'm afraid this is the second posting of this information as I didn't get a response on the previous post. I will try to shorten my message (i.e. be more concise) in the hopes that it will make it easier for someone (i.e. a Microsoft person) to digest the information and respond to it. I am a C++ and Java developer with over 3 years of industry experience. I've written low level C++ code, in addition to web clients that use web services. I've just recently installed the Visual Studio .net Professional trial version 2003. I have been reading up various documents that discuss - "What is Microsoft .Net" and have found some enlightening information
I'm trying to write a paper on security and software development using Microsoft .Net. So far the most difficult aspect has been determining - what is Microsoft .NET?
--Questions-
1. What is included in the "set of software technologies" that are part of Microsoft .NET beyond the Microsoft .NET Framework. Specifically, I'm wondering if I speak to someone about Microsoft .NET does that include Microsoft Visual Studio .NET and other supportive technologies
2. If I write unmanaged C++ code in Microsoft Visual Studio .NET is it transformed/compiled into MSIL (intermediate language) and then Just-In-Time comiled using CLR into native code? If so, is the best way to look at the MSIL form of this code by using ildasm.exe? I notice when I comile C# code that there is a tempPE directory. Is this where the MSIL form of the C# program is stored temporarily? If so, can I force Visual Studio .NET to leave the file there after compilation
3. If I can find a security issue (i.e. one of the functions like printf in iostream provided by Visual Studio .NE
has a security flaw) in a C++ program (compiled using Visual Studio ..net) then does that mean that I have found a security flaw in .NET or is it just a security flaw in Microsoft's implementation of the printf function? I.E. are they one and the same
4. When I read this one .NET security document "Security in the Microsoft ..NET Environment" it indicated the framework had a variety of security mechanisms
Evidence-Based Security, Code Access Security, Role-Based Security, etc. Are these just features of using the libraries available in all of the languages that are compiled into MSIL (like C#, C++, ASP.NET, etc)? The document even went on to show a line of code (from I assume ASP.NET)
if (HTTPContext.IsCallerInRole("Admin"){...}
5. (a) If I compile a C++ program (that uses only managed code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(b) If I compile a C++ program (that uses only UNmanaged code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(c) Also, has the executable in (b) been generated using the JIT compiler in CLR
In summary, I want to clearly understand where .NET begins and ends. I want to know if I find a security related problem in some of the supporting libraries (i.e. iostream) of C++ that are found within Visual Studio .net have I found a .NET security flaw or is it just a security flaw in Microsoft's implementation of the iostream library for C++? Is the security framework I mentioned earlier available to all of the previously mentioned languages like C#, J#, ASP.NET, etc i
some form or another (due to their compilation to MSIL and subsequent JIT compile to native code)?
Thanks for any advice in this regard
Novice
I'm trying to write a paper on security and software development using Microsoft .Net. So far the most difficult aspect has been determining - what is Microsoft .NET?
--Questions-
1. What is included in the "set of software technologies" that are part of Microsoft .NET beyond the Microsoft .NET Framework. Specifically, I'm wondering if I speak to someone about Microsoft .NET does that include Microsoft Visual Studio .NET and other supportive technologies
2. If I write unmanaged C++ code in Microsoft Visual Studio .NET is it transformed/compiled into MSIL (intermediate language) and then Just-In-Time comiled using CLR into native code? If so, is the best way to look at the MSIL form of this code by using ildasm.exe? I notice when I comile C# code that there is a tempPE directory. Is this where the MSIL form of the C# program is stored temporarily? If so, can I force Visual Studio .NET to leave the file there after compilation
3. If I can find a security issue (i.e. one of the functions like printf in iostream provided by Visual Studio .NE
has a security flaw) in a C++ program (compiled using Visual Studio ..net) then does that mean that I have found a security flaw in .NET or is it just a security flaw in Microsoft's implementation of the printf function? I.E. are they one and the same
4. When I read this one .NET security document "Security in the Microsoft ..NET Environment" it indicated the framework had a variety of security mechanisms
Evidence-Based Security, Code Access Security, Role-Based Security, etc. Are these just features of using the libraries available in all of the languages that are compiled into MSIL (like C#, C++, ASP.NET, etc)? The document even went on to show a line of code (from I assume ASP.NET)
if (HTTPContext.IsCallerInRole("Admin"){...}
5. (a) If I compile a C++ program (that uses only managed code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(b) If I compile a C++ program (that uses only UNmanaged code) using Visual Studio .NET will that executable require the .NET framework to be installed? I.E. if I send it to my friend on a different computer (same OS), will he require the .NET framework to execute it
(c) Also, has the executable in (b) been generated using the JIT compiler in CLR
In summary, I want to clearly understand where .NET begins and ends. I want to know if I find a security related problem in some of the supporting libraries (i.e. iostream) of C++ that are found within Visual Studio .net have I found a .NET security flaw or is it just a security flaw in Microsoft's implementation of the iostream library for C++? Is the security framework I mentioned earlier available to all of the previously mentioned languages like C#, J#, ASP.NET, etc i
some form or another (due to their compilation to MSIL and subsequent JIT compile to native code)?
Thanks for any advice in this regard
Novice