Stack Overflow
Stack Overflow

Questions tagged [code-access-security]

Code-access security is security specific to limiting access to or protecting source code, through the use of processes such as encryption, obfuscation, and more.

Code-access security is security specific to limiting access to or protecting source code, through the use of processes such as , , and more. The goal of code-access security is most often to protect functionality from competitors, to prevent reverse-engineering, or to preserve integrity of program communication protocols.

For more on obfuscation:

Note that security questions which are not about a specific programming problem may be better suited to our sister site, IT Security Stack Exchange.

337 questions
118
votes
3 answers

How can I implement ISerializable in .NET 4+ without violating inheritance security rules?

Background: Noda Time contains many serializable structs. While I dislike binary serialization, we received many requests to support it, back in the 1.x timeline. We support it by implementing the ISerializable interface. We've received a recent…
Jon Skeet
  • 1,421,763
  • 867
  • 9,128
  • 9,194
69
votes
8 answers

Is “Code Access Security” of any real world use?

Warning: Newer versions of .Net and .Net core has have removed and/or changed “Code Access Security” (CAS) since this question was asked. Original Question: I am in the process of studying for the 70-536 .NET Framework - Application Development…
Ian Ringrose
  • 51,220
  • 55
  • 213
  • 317
60
votes
5 answers

Looking for a practical approach to sandboxing .NET plugins

I am looking for a simple and secure way to access plugins from a .NET application. Although I imagine that this is a very common requirement, I am struggling to find anything that meets all my needs: The host application will discover and load its…
Tim Coulter
  • 8,705
  • 11
  • 64
  • 95
24
votes
5 answers

What is the security risk of object reflection?

So after a few hours of workaround the limitation of Reflection being currently disabled on the Google App Engine, I was wondering if someone could help me understand why object reflection can be a threat. Is it because I can inspect the private…
Legend
  • 113,822
  • 119
  • 272
  • 400
24
votes
4 answers

Attempt by security transparent method X to access security critical method Y failed

I have a fairly stable server application version that's been deployed for nearly a year at dozens of customers. One new customer recently setup the application and is getting the following error: System.MethodAccessException: Attempt by security…
RMD
  • 3,421
  • 7
  • 39
  • 85
23
votes
3 answers

CLR Strict Security on SQL Server 2017

MSDN on this article says: CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call…
Jesús López
  • 8,338
  • 7
  • 40
  • 66
22
votes
3 answers

Disabling certificate revocation checking for an application on Windows

I have a .NET 3.5 desktop application that had been showing periodic slow downs in functionality whenever the test machine it was on was out of the office. I managed to replicate the error on a machine in the office without an internet connection,…
Colm Clarke
  • 480
  • 1
  • 7
  • 23
21
votes
5 answers

How can I secure my plugin so only paying users can use it?

I'm developing some (wordpress) plugins and I'm planning to have a license fee for whoever want's to use it. Therefor I need a way to make sure that this plugin is not uploaded to a server where anyone can download it and use it for free. So I was…
Steven
  • 19,224
  • 47
  • 152
  • 257
16
votes
2 answers

How does one fix the "'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete" compilation error?

I received the following compilation warning as a error while upgrading some ASP.NET code from .NET 3.5: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete. The attribute has bee applied on the assebly level: [assembly:…
Schalk
  • 280
  • 1
  • 4
  • 13
16
votes
1 answer

C#: What are Partially Trusted Callers?

I haven't seen this clearly defined in one page: Partially Trusted Callers. I am researching about APTCA and this is always mentioned, but MSDN does not have an article about it. I only had a few clues, but I am not 100% sure. Are code executed…
user46915
16
votes
3 answers

securing the source code in a node-webkit desktop application

first things first , i have seen nwsnapshot. and its not helping. i am building an inventory management system as a desktop app using node-webkit . the project being built is using compoundjs (mvc javascript library). which have a definite folder…
sunnyvilles
  • 251
  • 3
  • 11
15
votes
1 answer

"dynamic operations can only be performed in homogenous appdomain" error while launching PowerShell

I have a powershell script that I am trying to execute from WCF REST service.I am using the System.Management.Automation and System.Management.Automation.Runspaces assemblies. The C# code looks like this: Command command = new…
user1019042
  • 2,428
  • 9
  • 43
  • 85
14
votes
4 answers

.NET Code Access Security: Useful or just overcomplicated?

see also Is “Code Access Security” of any real world use? I want to get some other opinions on this... I like the idea of Code Access Security for desktop applications. But in the lifetime of .NET I have to admit I've never actually had a…
Brandon
  • 13,956
  • 16
  • 72
  • 114
13
votes
2 answers

GIT support for branch based user authorization - Best Practices or Tools?

For a product based GIT repository, wherein there are branches for maintenance, testing as well as future development, how do I control user access to these branches. By access, I mean that even though others may read from it, they should not be…
rraheja
  • 263
  • 1
  • 2
  • 10
12
votes
1 answer

Securing website assemblies with new code security model

I'm currently on a project where we are creating a MVC site. The site needs to use code access security, due to the fact that third party dll's needs to be plugged in, to provide custom functionality. Now we don't want these assemblies to have full…
tschmuck
  • 533
  • 1
  • 5
  • 9
1
2 3
22 23