code-access-security

问题 My ASP.NET MVC application includes a number of View files that are editable by the end-user (they're stored in a database and loaded via a VirtualPathProvider). I'd like to allow my users to edit their view files, however I'm wary of the security implications. Is there any way I can enforce some kind of code-access-security that ensures that any code in the view cannot perform any dangerous tasks (i.e. minimum trust, it can only access the database via a passed-in repository object and

问题 i'm the owner of a few corporate github repositories. Lately we have been suspicious of a developer who may be enlisting outsourced help through his borrowed github identity (many 4am commits in batches). Is there a way on github.com to determine the source IP address of the committer? On the traffic page i can infer this info based on teh number of unique clones, but this is not enough data for us to validate our concerns. Cheers, Joe Anonymous 回答1: If this "individual", if I'm quoting your

问题 I have a SQL CLR trigger written in C# 4.0 and deployed on SQL Server 2014. Whenever an insertion happens in a table in SQL Server, this CLR trigger's job is to import that row in an Oracle database. So basically I have to import data in Oracle database whenever an insert query is fired on a table in SQL Server 2014. This is my first CLR SQL trigger project and below is what I am doing: [SecurityCritical] [OraclePermission(System.Security.Permissions.SecurityAction.Assert, Unrestricted = true

问题 I am a .NET student and currently we are learning about Application Domains. We were given the following example code (for .NET 3.5). As expected, it throws a SecurityException. Note: TestApp.exe is added as a reference in the project. Dim file As String = "TestApp.exe" Dim hostEvidence As Object() = {New Zone(SecurityZone.Internet)} Dim appDomainEvidence As Evidence = New Evidence(hostEvidence, Nothing) Dim d As AppDomain = AppDomain.CreateDomain("MyDomain", appDomainEvidence) d

问题 I've a WCF application deployed using clickonce. It connects to my server using https, and everything works fine I use the default proxy when needed thanks to the following code: <configSections> <sectionGroup name="system.net" type="System.Net.Configuration.NetSectionGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <section name="defaultProxy" type="System.Net.Configuration.DefaultProxySection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken

问题 If I add the following line to an ASP.NET MVC action method throw new Exception("outer", new SecurityException("inner")); the error that is actually displayed on the yellow screen of death is the inner SecurityException with absolutely no mention of the outer exception. SecurityException Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the

问题 We have an application that we want to make available to the general internet-using public with as few clicks as possible. I'm investigating whether we can use ClickOnce to avoid the confirmation dialog that our existing alternatives entail. My research so far indicates that this ought to be possible as long as (a) the application is AuthentiCode signes, and (b) it comes with a manifest that request a sufficiently innocuous set of permissions. Where can I find a detailed, authoritative list

问题 Is there way to generate serial/hex code something like: xxxx-xxxx-xxxx-xxxx-xxxx-xxxx using java api? when product decipher the code it should able to extract Name Validity Mac Address Additional information Code will be generated based on above factors. I have tried to RSA/ECB/PKCS1Padding with private key/public key. and then converting to HEX, but it needs private key sixe of 4096 and hex code generated is too long! public class ProductKeyGenerator { private static final String

问题 I'm getting the System.Security.SecurityException The demand was for: <PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true"/> when attempting to create an AppDomain with restricted permissions defined as follows: var permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, System.Reflection.Assembly.GetExecutingAssembly().Location)); permissionSet

问题 I have an assembly that is version 1.0.0.0 and a new version that is 2.0.0.0. Both are installed in my GAC. Currently I can use the "Configured Assemblies" section in the ".NET Framework 2.0 Configuration" tool to enforce that any requests for 1.0 are sent to the 2.0 assembly on my server. This still works the same with 4.0 framework but I need to install teh .Net 2.0 SP1 to get the 2.0 configuration tool. I believe you can also do this with "Publisher Policies" but these seem to be a bit