code-access-security

问题 I am calling ModelMetadataProviders.Current.GetMetadataForProperties to fetch list of ModelMetadata in WPF application with Visual Studio 2010. This call executes fine and I get IEnumerable<> in return. At the code line, where I try to iterate over this, I get System.MethodAccessException. Funny thing is it happens only if I am debugging with F5. If I run code with Ctrl+F5, then I do NOT get this exception and code works fine. If I run exe from windows explorer, it runs fine as well. Surely,

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 7 years ago . Is there any way to protect my code during development so that if a developer leaves my company they are unable to access files in my project? This is especially important with TFS where the project is downloaded locally, cached, and available for offline use. Ideally the code would be unreadable if they did not

问题 I have been a part of so many web applications but have never used CAS, perhaps have also never felt the need to use the same. When is the need to use CAS? Do people actually use it in their applications? 回答1: CAS is really only useful (so to speak) in desktop applications, where you want to restrict what an application run from over the network (for example) is able to do on the local machine. I've found that fooling with CAS is asking for a big, pointless headache, even in this circumstance

问题 My Application provides an API Key and Javascript code to put on their site (similar to google anayytics code). All the calls in the API use JSONP to communicate with our server. Since the API key is sensitive, we have our users coming back and asking to provide a whitelisting option for the domain. This is similar to Linkedin, Facebook, Twitter and Google. Should I be using referrer option to restrict the domain? But a rogue can always manually add this using normal http api and gain access.

问题 Hi this is more question of code security, rather than a question about a directly coding related problem. But I was wondering is it possible to see the code in ui.R and the server.R and that generates the app web browser page? e.g. Although I'm sure I could just ask Garrett to see the code...is it possible, without authorisation, to somehow see the code related to this URL http://glimmer.rstudio.com/gsee/TFX/ which is running the a shinny app? As this might be a problem if putting up

问题 Languages such as Perl, Pythong, etc are usually considered to have a better security comparing with PHP. Apart from possible security holes, one reason can be (I do not know, I am asking) that we do not put the executable files of Perl and Python within public folder. Since PHP files are not executable, it is safe to keep them within public folder. Is it a wise and practical approach to keep php files outside the public folder to restrict possible access by attackers? If yes, is it common?

问题 I've created the following attribute: [Serializable] [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)] public class OperationPermissionAttribute : CodeAccessSecurityAttribute { private static PrincipalPermission _revoke = new PrincipalPermission(PermissionState.None); private static PrincipalPermission _allow = new PrincipalPermission(PermissionState.Unrestricted); private string _role; private string _task; private string _operation;

问题 In .NET 1.x, you could use the StrongNameIdentityPermissionAttribute on your assembly to ensure that only code signed by you could access your assembly. According to the MSDN documentation, In the .NET Framework version 2.0 and later, demands for identity permissions are ineffective if the calling assembly has full trust. This means that any application with full trust can just bypass my security demands. How can I prevent unauthorized code from accessing my assembly in .NET 2.0? 回答1: As per

问题 This doesn't exactly seem to be right although I am unsure why. Advice would be great as the documentation for CMPXCHG16B is pretty minimal (I don't own any intel manuals...) template<> inline bool cas(volatile types::uint128_t *src, types::uint128_t cmp, types::uint128_t with) { /* Description: The CMPXCHG16B instruction compares the 128-bit value in the RDX:RAX and RCX:RBX registers with a 128-bit memory location. If the values are equal, the zero flag (ZF) is set, and the RCX:RBX value is

问题 I have an OSX program written with BASH scripts. I want to enable anyone who has this program downloaded to be able to FTP files to my server (and associate it with their account for them to access the stuff, of course) WITHOUT allowing the user access to the FTP login/access credentials. How do I do this? I already have experience with BASH/Shell, Java, and Procedural C++, so if it can be done with one of these programming languages, that would be preferable. However, Any suitable answer