Permissions in .NET

9.9 Permissions in .NET

Any programmer familiar with Java will know about the sandbox imposed on applets. This protects client computers from accidentally executing Java code that could potentially damage that computer. The restrictions include file reading and writing and connecting to a computer other than the one that the applet was downloaded from.

.NET offers the same sandbox architecture, which provides users with a facility to execute untrustworthy code without risking damage to their computers. There are several levels of sandbox, from trusted local computer to potentially dangerous code downloaded from an unknown site on the Internet.

Although there is no widespread usage of .NET applets running inside Web pages, there will be in the future. At present, the most significant impact the .NET sandbox will have on code is when a program is executed directly from a network share. This type of application deployment could be used on a corporate intranet, where a small application is executed from a central server at every login to record employees’ working practices and the like.

Code running from network shares is restricted in several ways. It cannot write arbitrarily to the local hard disk, but it can use an unlimited amount of isolated storage space on the local computer or the network share from which it was executed. Because unmanaged code cannot be governed by .NET, any assembly operating within a sandbox cannot make a call to unmanaged code. This includes any use of legacy COM controls or Windows API functions. Restrictions also apply to reading environment variables, performing reflection, and accessing the event log.

To view or edit the run-time security policy in .NET, you can access this from Control Panel → Administrative Tools → Microsoft .NET Framework Configuration. Then click Runtime Security Policy (Figure 9.7).

The System.Security.Permissions namespace offers facilities to check permissions programmatically and impose further restrictions on the code. There seem to be very few circumstances in which it would be necessary to impose further restrictions on an intranet application.
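The following is an added example, not code from the book, showing the two programmatic uses of System.Security.Permissions just described: checking whether the current call stack has been granted a permission (Demand), and narrowing the permissions available to a block of code below what policy granted (PermitOnly). It assumes the .NET Framework, where Code Access Security is enforced; .NET Core and .NET 5+ do not enforce CAS, so Demand never throws there. The folder and file name are constructed for the example.

```csharp
// Added example (not from the book): checking and restricting file I/O
// permissions with System.Security.Permissions. Assumes .NET Framework,
// where Code Access Security is enforced; on .NET Core / .NET 5+ Demand()
// never throws, so these checks give no protection there.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class PermissionChecks
{
    // Returns true if every caller on the current stack is allowed to write
    // to 'path'. Demand() walks the stack and throws SecurityException if
    // any frame (e.g. an assembly loaded from a network share) lacks it.
    static bool CanWrite(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Write, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Runs 'action' with file I/O narrowed to read-only access to 'folder',
    // regardless of what policy granted the assembly. PermitOnly restricts
    // the effective permission set for demands that pass through this frame.
    static void RunReadOnly(string folder, Action action)
    {
        var readOnly = new FileIOPermission(FileIOPermissionAccess.Read, folder);
        readOnly.PermitOnly();
        try
        {
            action();
        }
        finally
        {
            // Must be reverted in the same frame that applied it.
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        string folder = Path.GetTempPath();               // constructed sample location
        string target = Path.Combine(folder, "probe.txt"); // constructed sample file

        // Fully trusted local code: true. Code run from a share: depends on policy.
        Console.WriteLine("Write allowed by policy: " + CanWrite(target));

        RunReadOnly(folder, () =>
        {
            // Inside here a write demand fails even for fully trusted code,
            // because the PermitOnly frame only allows Read on 'folder'.
            Console.WriteLine("Write allowed under PermitOnly: " + CanWrite(target));
        });
    }
}
```

Demand is the check to use before attempting an operation that a sandboxed assembly may not be granted, so the program can fall back (for instance to isolated storage) instead of failing with an unhandled SecurityException; PermitOnly is the tool for the rarer case, noted above, of deliberately running part of an application with fewer rights than policy allows.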


Figure 9.7 .NET permission configuration utility.

An interesting feature of code access security in .NET is the isolated storage feature. This is one idea that was not adapted from Java, unlike so many other features of .NET. This feature enables applications deployed over an intranet or other semitrusted source to read and write a limited amount of data to the host computers. If the application could read and write arbitrarily, the privilege could be exploited maliciously to read your personal emails, but isolated storage is a clever solution to this problem.

Isolated storage, as the name suggests, is where a small amount of hard disk space (10 Kb) is allocated to any particular application originating from a trusted Internet site. The folder where this data is placed is well away from the system folders and anything else that may contain user data. Each application is allocated its own folder and space such that untrusted applications cannot read each other’s data. The amount of isolated storage allocated to any particular application is configurable. This can prevent rogue applications from hogging too much disk space. Intranet-originating applications are allocated unlimited isolated storage.

To use isolated storage from within a .NET application, obtain an IsolatedStorageFile object and then create a stream to it. This stream can then be used in the same way as a FileStream.


C#

    using System.IO;
    using System.IO.IsolatedStorage;

    IsolatedStorageFile IsolatedStore;
    IsolatedStorageFileStream IsolatedStream;
    // The scope must include User (or Machine); Assembly alone is rejected by GetStore.
    IsolatedStore = IsolatedStorageFile.GetStore(
        IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
    IsolatedStream = new IsolatedStorageFileStream("data.txt",
        FileMode.CreateNew, IsolatedStore);

VB.NET

    Imports System.IO
    Imports System.IO.IsolatedStorage

    Dim IsolatedStore As IsolatedStorageFile
    Dim IsolatedStream As IsolatedStorageFileStream
    ' The scope must include User (or Machine); Assembly alone is rejected by GetStore.
    IsolatedStore = IsolatedStorageFile.GetStore( _
        IsolatedStorageScope.User Or IsolatedStorageScope.Assembly, _
        Nothing, Nothing)
    IsolatedStream = New IsolatedStorageFileStream( _
        "data.txt", FileMode.CreateNew, IsolatedStore)

Access to isolated storage in the case described above would be allocated on a per-assembly basis. Isolated storage can also be allocated on a per-user basis, per–domain name basis (for Internet code), or a combination of the above.
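As an added example (not code from the book), the program below writes a small settings file into isolated storage, reads it back, reports the quota, and then opens the store at a different scope to show that data written at assembly scope is not visible at domain scope. Scope flags and class members are those of System.IO.IsolatedStorage (Quota and UsedSize need .NET Framework 4 or later); the file name and contents are constructed for the example.

```csharp
// Added example (not from the book): round-tripping data through isolated
// storage at assembly scope and at domain scope. The file "settings.txt" and
// its contents are constructed for this example.
using System;
using System.IO;
using System.IO.IsolatedStorage;

static class IsolatedStorageDemo
{
    // Opens the store for the requested scope. The scope must name User or
    // Machine in addition to Assembly; Assembly alone is rejected.
    static IsolatedStorageFile OpenStore(IsolatedStorageScope scope)
    {
        return IsolatedStorageFile.GetStore(scope, null, null);
    }

    static void SaveSetting(IsolatedStorageFile store, string name, string value)
    {
        // FileMode.Create overwrites an earlier copy; CreateNew (as in the
        // book's snippet) throws if the file already exists.
        using (var stream = new IsolatedStorageFileStream(name, FileMode.Create, FileAccess.Write, store))
        using (var writer = new StreamWriter(stream))
        {
            writer.Write(value);
        }
    }

    static string LoadSetting(IsolatedStorageFile store, string name)
    {
        using (var stream = new IsolatedStorageFileStream(name, FileMode.Open, FileAccess.Read, store))
        using (var reader = new StreamReader(stream))
        {
            return reader.ReadToEnd();
        }
    }

    static void Main()
    {
        // Per user, per assembly: shared by every application that loads this assembly.
        var assemblyScope = IsolatedStorageScope.User | IsolatedStorageScope.Assembly;
        // Per user, per domain, per assembly: separate data for each hosting application.
        var domainScope = assemblyScope | IsolatedStorageScope.Domain;

        using (IsolatedStorageFile store = OpenStore(assemblyScope))
        {
            SaveSetting(store, "settings.txt", "theme=dark");
            Console.WriteLine("assembly scope: " + LoadSetting(store, "settings.txt"));
            // Quota is the configured limit (unlimited for intranet code); UsedSize is what this store holds.
            Console.WriteLine("used {0} of {1} bytes", store.UsedSize, store.Quota);
            foreach (string file in store.GetFileNames("*"))
                Console.WriteLine("  file: " + file);
        }

        using (IsolatedStorageFile store = OpenStore(domainScope))
        {
            // Different scope, different folder on disk: the file written above is not here.
            Console.WriteLine("domain scope has settings.txt: " + store.FileExists("settings.txt"));
        }
    }
}
```

Choosing the narrowest scope that still fits the application (domain scope rather than assembly scope where a shared library is used by several programs) is what keeps one semitrusted application from reading data another one stored through the same assembly.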