I have domain app and plugins for it. Is there good solution to sign my dll's with some key to verify plugin in my app?
Thanks for all
Asked
Active
Viewed 482 times
1
-
Just using strong-names doesn't cut it (e.g. have the app maintain a list of "safe" plug-ins -- this is how ASP.NET works with "safe controls")? Even if you don't load from the GAC, you can still inspect the SN/evidence of the assembly. – Dec 22 '10 at 07:26
-
@pst Thanks for response, all i want thats to check is it my plugin or not. – Sanja Melnichuk Dec 22 '10 at 07:34
-
may be [how-to-forbid-a-net-dll-class-library-to-be-referenced](http://stackoverflow.com/questions/4323339/how-to-forbid-a-net-dll-class-library-to-be-referenced) helps – k3b Dec 22 '10 at 08:06
1 Answers
2
If you're the only one that is going to do plugins for the application it is a good solution of course, but if you want others to do them you would have to share that key and then you're losing its control.
Ignacio Soler Garcia
- 21,122
- 31
- 128
- 207
-
Thanks for response, all i want thats to check is it my plugin or not. – Sanja Melnichuk Dec 22 '10 at 07:35
-
Then signing is the best option. When you load your plugin you have to check if the dll public key is the same as yours. – Ignacio Soler Garcia Dec 22 '10 at 08:13