11

What is strong naming and how is it useful in .Net

Bhaskar
  • 4,189
  • 4
  • 26
  • 20

4 Answers4

9

I suggest you read Strong name assemblies can keep you out of DLL Hell:

Strong name assemblies allow developers to simplify component updates and avoid the infamous DLL Hell. Learn about the anatomy of strong names and see how you can use them to ensure version compatibility and security in your .NET apps.

Also see this article for a quick tutorial on how to strong-name an assembly.

Walter
  • 1,855
  • 18
  • 29
Andrew Hare
  • 344,730
  • 71
  • 640
  • 635
2

It can also be used to ensure that the assembly is not tampered since it's released from the original publisher.

Mehrdad Afshari
  • 414,610
  • 91
  • 852
  • 789
  • 1
    But it's missing a way to verify the original publisher. For that you would have to use a technology such as AuthentiCode in addition. The main purpose however is to create unique ("strong") names to identify a specific version of an assembly (in order to address the 'DLL Hell' problems http://msdn.microsoft.com/en-us/library/ms811694.aspx) – Dirk Vollmar May 13 '09 at 13:35
  • @divo: Certainly. This is mentioned in Andrew's answer. I didn't see a need to duplicate. I just wanted to add this possibility. I had mentioned this fact in detail in this answer: http://stackoverflow.com/questions/369248/can-strong-naming-an-assembly-be-used-to-verify-the-assembly-author/369268#369268 – Mehrdad Afshari May 13 '09 at 13:43
1

I wrote a long response outlining how strongly naming an assembly stops a third party from tampering with the assembly as an answer to this question. It may be useful if you want the how as well and the why.

Community
  • 1
  • 1
Martin Harris
  • 28,277
  • 7
  • 90
  • 101
  • 1
    That is true. However this has not been the main aspect when strong naming was designed. Strong naming is missing important features such as publisher authentication and revocation. If a tamper-proof distribution of your assemblies is desired it is far better to rely on digital certificates (like Authenticode) – Dirk Vollmar May 13 '09 at 13:45
0

I think one of the important features avoiding DLL hijacking (or whatever you call it) issues due to potential weak permissions.

Assume that one of the DLLs in your application can written by "everyone" in that case someone can just modify it and when a high privileged runs the .NET application attacker can elevate their privileges.

This is quite cool because in real world you can see these attack against applications such Anti viruses and other complex apps which relies on several DLLs in several different locations.

dr. evil
  • 26,944
  • 33
  • 131
  • 201